Threat actors could exploit an already-addressed vulnerability in Azure Service Fabric Explorer, tracked as CVE-2022-35829, to obtain administrator privileges, according to The Hacker News.
Azure Service Fabric Explorer versions 8.1.316 and prior are affected by the flaw, which was identified and reported by Orca Security, who dubbed it FabriXss.
FabriXss, which Microsoft fixed in this month's Patch Tuesday updates, lets a user holding the "Create Compose Application" privilege create a rogue application and exploit a cross-site scripting bug to deliver a payload. The attacker supplies specially crafted input while creating the application, and that input is later executed, the report showed.
"This includes performing a Cluster Node reset, which erases all customized settings such as passwords and security configurations, allowing an attacker to create new passwords and gain full Administrator permissions," said Orca Security researchers Roee Sagi and Lidor Ben Shitrit.
Patched Azure SFX vulnerability detailed