Authenticated Attacker Can Elevate Privileges via SSRF Vulnerability in Azure Health Bot
CVE-2024-38109

9.1 CRITICAL

Key Information:

Vendor: Microsoft
CVE Published: 13 August 2024

Badges

👾 Exploit Exists
📰 News Worthy

Summary

A vulnerability in Microsoft Azure Health Bot allows authenticated attackers to manipulate server-side requests (server-side request forgery, SSRF), leading to privilege escalation within the network. The vulnerability poses a significant risk to secure communications and data integrity and needs immediate attention from users and administrators of the affected services. Proper configuration and regular updates are essential for mitigating potential threats associated with this vulnerability.

Affected Version(s)

Azure Health Bot Unknown

News Articles

Critical Flaws In Microsoft's Azure Health Bot Service

The Azure Health Bot Service, a cloud platform for healthcare organizations, has been found vulnerable to multiple privilege-escalation issues.

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by The Cyber Express

  • Vulnerability published

  • Vulnerability reserved
