Microsoft patches critical Azure Service Fabric Explorer (SFX) vulnerability

Share post:

Microsoft has patched a vulnerability in Azure Service Fabric Explorer (SFX) in its Patch Tuesday updates. The flaw, tracked as CVE-2022-35829, has a severity rating of 6.2 and could allow attackers to gain administrator privileges.

SFX is an open-source tool for inspecting and managing Azure Service Fabric Clusters, a distributed system platform for building and deploying cloud applications based on microservices.

The bug in question allows a user with privileges to “Create Compose Application via the SFX client and use privileges to create a rogue app and misuse a stored cross-site scripting (XSS) vulnerability in the “Application name” field to slip the payload.

The flaw therefore allows a threat actor to send the specially crafted input during the application process, which ultimately leads to its execution.

“This includes performing a Cluster Node reset, which erases all customized settings such as passwords and security configurations, allowing an attacker to create new passwords and gain full administrator privileges,” said Orca Security researchers Lidor Ben Shitrit and Roee Sagi.

The vulnerability was discovered and reported by Orca Security on August 11, 2022. Dubbed the vulnerability FabriXss (pronounced “fabrics”), the flaw impacts Azure Fabric Explorer version 8.1.316 and older.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Ransomware Surge Targets U.S. Energy and Utilities Sector Amid Legacy System Challenges: Report

A recent Trustwave SpiderLabs report underscores the growing cybersecurity challenges in the U.S. energy and utilities sector, driven...

FortiGate Configuration Leak Exposes Thousands of Organizations

A recent security incident has resulted in the exposure of nearly 5,000 organizations' email addresses and IP information...

Credentials from Top Cybersecurity Vendors Found on Dark Web For $10 Each

A report by security researchers at Cyble has uncovered a troubling discovery: thousands of account credentials from several...

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways