PT-2019-2269 · Microsoft · Azure Active Directory Connect

Published

2019-05-14

Updated

2020-08-24

CVE-2019-1000

CVSS v2.0

4.9

Medium

Vector

AV:N/AC:H/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Azure Active Directory Connect version 1.3.20.0

Description The issue is related to insufficient access restrictions in Microsoft Azure Active Directory Connect, allowing a remote attacker to elevate their privileges. To exploit this, an attacker must authenticate to the Azure AD Connect server. This could enable the attacker to execute specific PowerShell cmdlets in the context of a privileged account and perform privileged actions.

Recommendations For Microsoft Azure Active Directory Connect version 1.3.20.0, consider restricting access to the Azure AD Connect server and limiting the execution of privileged PowerShell cmdlets until a patch is available. As a temporary workaround, restrict the use of privileged accounts on the Azure AD Connect server to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-269

Related Identifiers

BDU:2019-02040

CVE-2019-1000

Affected Products

Azure Active Directory Connect

PT-2019-2269 · Microsoft · Azure Active Directory Connect

CVE-2019-1000

Weakness Enumeration

Related Identifiers

Affected Products

References · 3