New Azure Flaw “Super FabriXss” Enables Remote Code Execution Attacks

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

A new vulnerability has been discovered in Microsoft’s Azure Service Fabric Explorer (SFX) that would enable unauthenticated, remote threat actors to execute code on a container hosted on a Service Fabric node.

Dubbed Super FabriXss by the Orca Security team, the cross-site scripting (XSS) flaw (CVE-2023-23383) has a CVSS score of 8.2 and affects SFX version 9.1.1436.9590 or earlier.

“The vulnerability arises from a vulnerable ‘Node Name’ parameter, which can be exploited to embed an iframe in the user’s context,” wrote Orca security researcher Lidor Ben Shitrit in a Thursday advisory.

The iframe (an HTML element designed to embed web content within websites) then retrieves remote files from an attacker-controlled server, leading to the execution of a malicious PowerShell reverse shell. 

“This attack chain can ultimately result in remote code execution on the container which is deployed to the cluster, potentially allowing an attacker to take control of critical systems,” Shitrit added.

The Orca Security team confirmed it reported the vulnerability on December 20 2022 to the Microsoft Security Response Center (MSRC), which investigated the issue and released a fix as part of its March 2023 Patch Tuesday.

Read more on the latest Patch Tuesday here: Microsoft Patches Two Zero Days This Month

According to Shitrit, this is the second XSS vulnerability that Orca has discovered in Azure Service Fabric Explorer. But, while the first one (called FabriXss) affected both Linux and Windows Clusters, the SuperFabriXxs flaw only exists in the Windows Cluster. Still, Shitrit warned the new vulnerability is substantially more dangerous than the previous one discovered by the team.

“With Super FabriXss, a remote unauthenticated attacker can execute code on a container hosted on one of the Service Fabric nodes,” reads the advisory. “An attacker could potentially gain control of critical systems and cause significant damage.”

Orca Security has created a proof of concept for the Super FabriXss Vulnerability, which is described in detail in the the team’s technical write-up.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Apache Cordova App Harness Targeted in Dependency Confusion Attack
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
US Congress Passes Bill to Ban TikTok
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

Leave a Reply

Your email address will not be published. Required fields are marked *