Authenticated Attacker Can Elevate Privileges via SSRF Vulnerability in Azure Health Bot

CVE-2024-38109

9.1CRITICAL

Key Information

Vendor: Microsoft
Status: Azure Health Bot
Vendor: CVE Published:; 13 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Affected Version(s)

Azure Health Bot =

News Articles

The Cyber Express

CVE-2024-38109

Critical Flaws In Microsoft's Azure Health Bot Service

The Azure Health Bot Service, a cloud platform for healthcare organizations, has been found vulnerable to multiple privilege-escalation issues.

3 months ago

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 8.8 to: 9.1 - (CRITICAL)
Sep 10, 2024
Risk change from: 8.8 to: 9.1 - (CRITICAL)
Aug 23, 2024
Risk change from: 8.8 to: 9.1 - (CRITICAL)
Aug 23, 2024
Risk change from: 8.8 to: 9.1 - (CRITICAL)
Aug 23, 2024
👾
Exploit exists.
Aug 14, 2024
First article discovered by The Cyber Express
Aug 14, 2024
Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)