Home > Cyber News > CVE-2023-23383: Dangerous Flaw in Azure SFX

CVE-2023-23383: Dangerous Flaw in Azure SFX

A vulnerability in Azure Service Fabric Explorer (SFX) was recently patched.

CVE-2023-23383: Discovery and Technical Overview

Security firm Orca discovered a serious security flaw in Azure Service Fabric Explorer that could be taken advantage of by sending a constructed URL to any Azure Service Fabric user. The vulnerability was caused by a vulnerable ‘Node Name’ parameter, which could be used to embed an iframe in the user’s environment.

CVE-2022-38023 CVE-2022-37966 CVE-2022-37967 CVE-2022-45141

This iframe then fetches remote files from a server that is managed by the attacker, resulting in the activation of a malicious PowerShell reverse shell. This attack sequence can eventually lead to remote code execution on the container that is deployed to the cluster, potentially allowing the attacker to gain control of vital systems.

The vulnerability, known as “Super FabriXss” (CVE-2023-23383 with a CVSS score of 8.2), is an upgrade of a previously patched FabriXss flaw – CVE-2022-35829, CVSS score 6.2.

According to Orca security researcher Lidor Ben Shitrit, this vulnerability allows attackers to execute code remotely on a Service Fabric node without the need for authentication. This is possible due to an XSS injection attack, in which malicious code is uploaded to a seemingly trusted website, and then executed each time a user visits.

While both FabriXss and Super FabriXss involve XSS, Super FabriXss has more serious implications as it can be weaponized to gain control of affected systems.

In March 2023, Orca Security discovered a dangerous Cross-Site Scripting (XSS) vulnerability, referred to as Super FabriXss (CVE-2023-23383), within Azure Service Fabric Explorer (SFX). This vulnerability enabled unauthenticated remote attackers to execute code on a container hosted on a Service Fabric node.

Once notified, Microsoft Security Response Center (MSRC) investigated the issue and assigned it CVE-2023-23383 (CVSS 8.2) with ‘Important’ severity. Microsoft released a fix and included it in their March 2023 Patch Tuesday, thus allowing users to protect themselves against this vulnerability.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree