Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access

admin by admin
October 19, 2022
in Ethical Hackers


Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster.

The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last week.

CyberSecurity

Orca Security, which discovered and reported the flaw to the tech giant on August 11, 2022, dubbed the vulnerability FabriXss (pronounced “fabrics”). It impacts Azure Fabric Explorer version 8.1.316 and prior.

SFX is described by Microsoft as an open-source tool for inspecting and managing Azure Service Fabric clusters, a distributed systems platform that’s used to build and deploy microservices-based cloud applications.

The vulnerability is rooted in the fact that a user with permissions to “Create Compose Application” through the SFX client can leverage the privileges to create a rogue app and abuse a stored cross-site scripting (XSS) flaw in the “Application name” field to slip the payload.

CyberSecurity

Armed with this exploit, an adversary can send the specially crafted input during the application creation step, eventually leading to its execution.

“This includes performing a Cluster Node reset, which erases all customized settings such as passwords and security configurations, allowing an attacker to create new passwords and gain full Administrator permissions,” Orca Security researchers Lidor Ben Shitrit and Roee Sagi said.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

A Python Tool Used To Discover Endpoints (And Potential Parameters) For A Given Target

Next Post

How to stream Blue Ruin online from anywhere

Next Post

How to stream Blue Ruin online from anywhere

Recommended

Azure AD Enumeration Over MS Graph

3 months ago

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

3 months ago

© Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.