#Security Vulnerability

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could execute RPC functions that are restricted to local clients only.

**What privileges could an attacker gain?** An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges.

**How could an attacker exploit this vulnerability?** This vulnerability is subject to a local escalation of privilege attack. The attacker would most likely arrange to run an executable or script on the local computer. An attacker could gain access to the computer through a variety of methods, such as via a phishing attack where a user clicks an executable file that is attached to an email.

**Where can I find more information about StorSimple 8000 Series?** StorSimple 8000 series is a hybrid cloud storage solution. Please see StorSimple 8000 series for more information.

**How could an attacker exploit this vulnerability?** An attacker who knows the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster can exploit this vulnerability from the internet. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, allows an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc; therefore Azure Stack Edge devices are also vulnerable.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition.

**According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?** An attacker needs to have CreateComposeDeployment permission to exploit this vulnerability. Please refer to the **Security/ClientAccess** section of Customize Service Fabric cluster settings for more information on the permission.

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to access a malicious folder or directory. Users should never open anything that they do not know or trust to be safe.

**What is the nature of the spoofing?** An attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate.

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors might be helpful in your situation: * Systems are not affected if IPv6 is disabled on the target machine.