Orca has discovered a vulnerability in Azure Service Fabric Explorer.
Vulnerability discovered (and patched) in Azure.
Orca released a report today detailing a vulnerability they discovered in Azure Service Fabric Explorer (SFX). The vulnerability has been reported to Microsoft, and the issue was designated CVE-2022-35829. A patch was released on Patch Tuesday earlier this month.
What is the vulnerability?
The vulnerability, known as FabriXss (pronounced “fabrics”), was found in Azure Service Fabric Explorer. Microsoft describes Azure Service Fabric as a “distributed systems platform for packaging, deploying, and managing stateless and stateful distributed applications and containers on a large scale,” and Service Fabric Explorer as “a tool for inspecting and managing Azure Service Fabric clusters.” It was determined that a class of user known as “Deployers,” who have permission to “Create new Applications” via the dashboard, can use that permission to create an application with a malicious name and, through it, abuse Administrator access to perform a range of actions. Orca reports that these can include what’s known as a Cluster Node reset, which erases all custom settings, such as passwords and security data; the malicious actor can then overwrite those settings and gain full Admin permissions.
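The mechanism described above is a stored cross-site scripting issue: a low-privileged user submits a name, and a higher-privileged user's browser later renders that name as markup. The following is an added illustration, not Orca's research code and not Microsoft's Service Fabric Explorer source. It shows the vulnerable rendering pattern next to its hardened form and adds server-side name validation as defense in depth; the sample application names, the `APP_NAME_PATTERN` allowlist and the function names are assumptions constructed for this example, not Service Fabric's real naming rules.

```javascript
// Added example (not Orca's or Microsoft's code): how an untrusted application
// name becomes stored XSS when interpolated into HTML unescaped, and two
// defensive layers: output encoding and input validation.

// Constructed sample names; the markup in the first is illustrative only.
const CONSTRUCTED_MALICIOUS_NAME = 'fabric:/Billing<img src=x onerror="alert(1)">';
const CONSTRUCTED_BENIGN_NAME = 'fabric:/Billing-v2';

// Encode the five characters that matter in HTML text and attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: raw interpolation into markup that an Administrator's
// browser will later render (for example via innerHTML).
function renderAppRowUnsafe(appName) {
  return `<tr><td class="app-name">${appName}</td></tr>`;
}

// Hardened pattern: the same row with the name encoded for the HTML context,
// so the browser shows the characters instead of interpreting them.
function renderAppRowSafe(appName) {
  return `<tr><td class="app-name">${escapeHtml(appName)}</td></tr>`;
}

// Defense in depth, server side: reject names outside an allowlist before
// they are stored. This pattern is an assumption for the example, not
// Service Fabric's actual application-name grammar.
const APP_NAME_PATTERN = /^fabric:\/[A-Za-z0-9_.~-]+(\/[A-Za-z0-9_.~-]+)*$/;
function isValidAppName(appName) {
  return APP_NAME_PATTERN.test(appName);
}

// Simple review aid: flag stored names that contain markup characters so an
// operator can spot tampering that predates the validation rule.
function containsMarkup(appName) {
  return /[<>"']/.test(appName);
}

function demo() {
  const unsafe = renderAppRowUnsafe(CONSTRUCTED_MALICIOUS_NAME);
  const safe = renderAppRowSafe(CONSTRUCTED_MALICIOUS_NAME);
  console.log('unsafe row:', unsafe);
  console.log('safe row:  ', safe);
  console.log('name accepted by allowlist:', isValidAppName(CONSTRUCTED_MALICIOUS_NAME));
  console.log('stored name contains markup:', containsMarkup(CONSTRUCTED_MALICIOUS_NAME));
  return { unsafe, safe };
}

demo();
```

Output encoding at the render site is the fix that actually closes the hole, because it works regardless of where the string came from; the allowlist and the markup check are cheap additional controls that stop a hostile name from being stored in the first place and help an operator audit names created before the patch was applied.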
Are you vulnerable?
If you use Service Fabric Explorer (SFXv1) version 8.1.316 or earlier, you are vulnerable. Recommended actions include applying Microsoft’s October 2022 Patch Tuesday update and verifying that the Service Fabric Explorer URL ends in “index.html” rather than “old.html.”