Researchers at the Israeli cybersecurity company Check Point have disclosed details of two potentially high-risk vulnerabilities in Microsoft Azure App Service. If exploited, they could affect the many businesses that run their web and mobile applications on Azure.
The first is understood to be a request spoofing vulnerability, CVE-2019-1234, which affects Azure Stack, Microsoft's hybrid cloud computing software solution. If exploited, it could allow attackers to gain unauthorized remote access to screenshots and sensitive information from all virtual machines running on the Azure architecture, whether they run on shared, dedicated, or isolated virtual machines.
According to the researchers, this vulnerability can be exploited through the Microsoft Azure Stack portal, which users employ to access clouds created with Azure Stack. The researchers also found a way to obtain the virtual machine name and ID, core hardware information, and the total memory of the target machine, all of which could be useful to an attacker.
The second is a remote code execution vulnerability, CVE-2019-1372, which affects Azure App Service on Azure Stack and allows an attacker to take complete control of the entire Azure server. An attacker could exploit these two vulnerabilities by creating a free user account with Azure Cloud and running malicious functions on it, or by sending unauthenticated HTTP requests to the Azure Stack user portal.
In a detailed technical write-up of the second vulnerability, Check Point stated that the flaw lies mainly in the Dynamic WAS Service (DWASSVC). Because Azure Stack did not check the length of a buffer before copying memory into it, an attacker could exploit the vulnerability by sending a specially crafted message to the DWASSVC service, which could allow them to execute malicious code with the server's privileges.
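The bug class Check Point describes, a sender-supplied length used for a memory copy without validation, shown as an added C illustration (example code written for this page, not Check Point's or Microsoft's; the packet layout, BODY_CAP and function names are assumptions): the vulnerable pattern beside a length-validated version.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed message layout (not the real DWASSVC wire format):
 * a 4-byte little-endian body length, followed by the body bytes. */
#define HDR_LEN  4
#define BODY_CAP 32

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern from the article: the declared length is trusted
 * as the memcpy size, with no check against the destination buffer or
 * the bytes actually received. Kept only to contrast with the fix below. */
int copy_body_unchecked(const uint8_t *pkt, uint8_t dst[BODY_CAP])
{
    uint32_t n = read_le32(pkt);
    memcpy(dst, pkt + HDR_LEN, n);      /* overflows dst when n > BODY_CAP */
    return (int)n;
}

/* Hardened version: the header must be present, the declared length must
 * fit the destination, and the packet must really carry that many bytes. */
int copy_body_checked(const uint8_t *pkt, size_t pkt_len, uint8_t dst[BODY_CAP])
{
    if (pkt_len < HDR_LEN)
        return -1;                      /* truncated header */
    uint32_t n = read_le32(pkt);
    if (n > BODY_CAP)
        return -1;                      /* would overflow dst */
    if (n > pkt_len - HDR_LEN)
        return -1;                      /* declares more than was received */
    memcpy(dst, pkt + HDR_LEN, n);
    return (int)n;
}

int main(void)
{
    uint8_t dst[BODY_CAP];
    /* Constructed packets: well-formed, and one claiming a 65535-byte body. */
    const uint8_t good[] = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t bad[]  = { 0xff, 0xff, 0, 0, 'x' };
    printf("good -> %d\n", copy_body_checked(good, sizeof good, dst)); /* 5 */
    printf("bad  -> %d\n", copy_body_checked(bad, sizeof bad, dst));   /* -1 */
    return 0;
}
```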
Ronen Shustin, the Check Point researcher who discovered the two vulnerabilities, has reported the details to Microsoft and received a $40,000 bug bounty.