Microsoft Azure Firewall Bypass Vulnerability

Tenable Research discovered a vulnerability in Azure (customer action required). The vulnerability allows a malicious attacker to bypass firewall rules based on Azure Service Tags by forging requests from trusted services. A threat actor could exploit Service Tags that have been allowed through a user's firewall if there are no additional validation controls.

The affected services are:

• Azure Application Insights
• Azure DevOps
• Azure Machine Learning
• Azure Logic Apps
• Azure Container Registry
• Azure Load Testing
• Azure API Management
• Azure Data Factory
• Azure Action Group
• Azure AI Video Indexer
• Azure Chaos Studio

Regarding severity, Tenable generally adheres to the CVSS severity scale (https://nvd.nist.gov/vuln-metrics/cvss). 

Tenable reported this vulnerability to MSRC as a Security Feature Bypass issue with the following recommendations:

• Regarding Azure services as a whole, CVSS scoring is not an adequate measurement to use for cloud-based services, so we simply suggest a severity rating of High based on the impact on data integrity and confidentiality.

MSRC acknowledged this issue as an Elevation of Privilege with a severity rating of Important and awarded a bounty. MSRC’s severity rating system can be found here: https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system