critical

Azure on-premises data gateway cross-tenant access

Published Thu, Mar 30th, 2023

Platforms

Summary

Azure on-premises data gateway allows data transfer between an on-prem customer network and several Azure cloud services, and also enables a connected agent installed locally in an on-prem network to perform certain actions remotely. NetSPI discovered a deserialization issue in Microsoft Power Platform connectors that lead to RCE on several Azure backend servers that processed call backs from on-premises data gateways, effectively allowing unauthorized cross-tenant access.

Affected Services

On-premises data gateway

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://www.netspi.com/blog/technical/vulnerability-research/azure-service-bus-power-platform/

Contributed by https://github.com/korniko98

Entry Status

Finalized

Disclosure Date

Fri, Sep 30th, 2022

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Nick Landers, NetSPI

More vulnerabilities...

high

RCE vulnerability in Azure Pipelines

Legit Security found an RCE vulnerability in Azure Pipelines that could have allowed an attacker to gain complete control of variables and tasks by exploiting logging commands. This would have enab...

Nadav Noy, Legit Security

Thu, Mar 30th, 2023

high

Azure Function Apps privilege escalation

Undocumented APIs used by the Azure Function Apps Portal could have allowed an attacker with existing access to a Reader role on a Function App to escalate their privileges and gain write permissio...

Karl Fosaaen, NetSPI

Thu, Mar 23rd, 2023

low

Partial CloudTrail logging in AWS Control Tower

AWS Control Tower was not properly logging to CloudTrail when API calls failed due to a lack of permissions. This could have helped an adversary with existing access to a victim AWS environment avo...

Nick Frichette, Datadog

Mon, Mar 20th, 2023

View all