CVE-2022-30137

EUVD-2022-35345
Executive Summary
An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers.  Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container.  All Service Fabric and Docker versions are impacted.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
6.7 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
microsoftservice_fabric
-
𝑥
= Vulnerable software versions
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30137