CVE-2024-38109

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Aug 13, 2024
Updated: Aug 16, 2024
CWE ID: 918

Summary

CVE-2024-38109 is a serious Server-Side Request Forgery (SSRF) vulnerability affecting Microsoft Azure Health Bot. An authenticated attacker can use it to issue malicious requests that cause the Health Bot service to access resources located on attacker-controlled servers. By controlling which resources the bot accesses, the attacker can potentially elevate privileges and gain unauthorized network access. This poses a significant risk to organizations using Azure Health Bot, because it allows attackers to bypass security measures and gain control over sensitive data or systems.
