Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB
Microsoft on Tuesday said it addressed an authentication bypass vulnerability in Jupyter Notebooks for Azure Cosmos DB that enabled full read and write access.
The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw CosMiss.
"In short, if an attacker had knowledge of a Notebook's 'forwardingId,' which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook," researchers Lidor Ben Shitrit and Roee Sagi said.
This container modification could ultimately pave the way for obtaining remote code execution in the Notebook container by overwriting a Python file associated with the Cosmos DB Explorer to spawn a reverse shell.
Successful exploitation of the flaw requires that the adversary is in possession of the unique 128-bit forwardingId and that it's put to use within a one-hour window, after which the temporary Notebook is automatically deleted.
"The vulnerability, even with knowledge of the forwardingId, did not give the ability to execute notebooks, automatically save notebooks in the victim's connected GitHub repository, or access to data in the Azure Cosmos DB account," Redmond said.
"Customers not using Jupyter Notebooks were not susceptible to this vulnerability," it further said.
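The flaw class described above, where a workspace identifier alone is accepted in place of authentication, is modelled in the following added example alongside a stricter check; it is not code from Microsoft, Orca Security or the original article. The `Authorization` header name, the token layout, the signing key and the sample workspace are assumptions constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side signing key
TTL = 3600                        # the article's one-hour notebook lifetime

# Constructed sample data: one workspace UUID mapped to its owner.
FID = "11111111-2222-3333-4444-555555555555"
WORKSPACES = {FID: "alice"}

def _sign(forwarding_id: str, user: str, exp: str) -> str:
    msg = f"{forwarding_id}|{user}|{exp}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(forwarding_id: str, user: str, now: float) -> str:
    """Mint a token bound to one workspace, one user and an expiry time."""
    exp = str(int(now) + TTL)
    return f"{user}|{exp}|{_sign(forwarding_id, user, exp)}"

def authorize_weak(workspaces: dict, forwarding_id: str, headers: dict) -> bool:
    """Flawed pattern: knowing the workspace UUID is treated as proof of
    identity, so a request with no credentials at all is accepted."""
    return forwarding_id in workspaces

def authorize_strict(workspaces: dict, forwarding_id: str,
                     headers: dict, now: float) -> bool:
    """Hardened pattern: the UUID only selects the workspace; access needs
    an unexpired token signed for this workspace and its owner."""
    owner = workspaces.get(forwarding_id)
    parts = headers.get("Authorization", "").split("|")
    if owner is None or len(parts) != 3:
        return False
    user, exp, sig = parts
    if not exp.isdigit() or int(exp) < now or user != owner:
        return False
    # Constant-time comparison avoids leaking signature bytes via timing.
    return hmac.compare_digest(sig, _sign(forwarding_id, user, exp))

if __name__ == "__main__":
    print("weak, no credentials:  ", authorize_weak(WORKSPACES, FID, {}))
    print("strict, no credentials:", authorize_strict(WORKSPACES, FID, {}, 1000.0))
    token = issue_token(FID, "alice", 1000.0)
    print("strict, owner token:   ",
          authorize_strict(WORKSPACES, FID, {"Authorization": token}, 1000.0))
```

A 128-bit identifier is hard to guess, but it is not designed to stay secret, so the strict check treats it as a lookup key and puts the trust decision in the signed, expiring token.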
News URL
https://thehackernews.com/2022/11/researchers-disclose-details-of.html