Vulnerabilities Identified in Azure Health Bot Service
Two vulnerabilities have been identified in the Azure Health Bot Service that can be exploited to access cross-tenant resources including user and customer information, according to Tenable Research.
The Azure Health Bot Service is a cloud-based platform developed for use in healthcare. Developers can use Azure Health Bot to build and deploy HIPAA-compliant, AI-powered conversational virtual assistants at scale to improve efficiency and reduce costs. Virtual assistants can be created for specific healthcare purposes and can handle administrative tasks or even triage to reduce the burden on staff.
Depending on how these chatbots are configured, they can have access to sensitive patient information, so if vulnerabilities exist, that information may be at risk, and the vulnerabilities could potentially be exploited to gain access to other resources. Researchers at Tenable conducted an audit of the Azure Health Bot Service to identify potential security issues, and one of the features investigated was the Data Connections feature. Data Connections allows chatbots to interact with and pull data from external sources, such as patient portals (to gather patient information) and reference databases (for general medical information).
This feature allows the service’s backend to make requests to third-party APIs. The researchers tested whether it could be used to interact with endpoints internal to the service. Microsoft had implemented measures to prevent this, but the researchers were able to bypass those mitigations by having user-supplied endpoints return redirect responses.
One of the vulnerabilities – CVE-2024-38109 – is a critical (CVSS 9.1) server-side request forgery vulnerability that can be exploited by an authenticated attacker to elevate privileges. The researchers demonstrated that it was possible to reach the service’s Instance Metadata Service (IMDS) and obtain access tokens that allow the management of cross-tenant resources belonging to customers of the Health Bot service.
Another vulnerability was identified in the validator mechanism for the FHIR data connection endpoints used within Azure Health Bot. This validator also improperly handled redirect responses from user-supplied endpoints. The researchers exploited the vulnerability to access Azure’s WireServer and components of the internal AKS infrastructure.
The vulnerabilities were reported to Microsoft, and both were fixed within a week by a configuration change that ensures redirect status codes are rejected for data connection endpoints. Azure Health Bot Service customers do not need to take any action, and Microsoft reports that the vulnerabilities have not been exploited in the wild.
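The two passages above describe the same outbound-fetch weakness and its fix: a backend that validates a tenant-supplied endpoint but then follows a redirect it returns can be steered toward internal services, and the remedy is to reject redirect status codes outright. The following is an added example (not Tenable’s or Microsoft’s code, and not the Health Bot implementation) that shows the vulnerable follow-redirects pattern beside a hardened fetch policy. The IMDS and WireServer addresses, the `tenant-endpoint.example` host, the transport and resolver stubs, and the sample responses are all constructed for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Well-known Azure-internal addresses that an outbound "data connection" fetch must never reach.
# Assumption: the IMDS and WireServer addresses are the ones the article refers to; the list
# is illustrative and would be extended in a real deployment.
BLOCKED_HOSTS = {"169.254.169.254", "168.63.129.16", "localhost", "metadata"}


def validate_endpoint(url, resolver=socket.gethostbyname):
    """Pre-connect check on a tenant-supplied endpoint. Returns (ok, reason).

    The resolver is injectable so the check can run offline; in production the client
    should connect to the IP address that was validated rather than re-resolving the name.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "only https endpoints are allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() in BLOCKED_HOSTS:
        return False, f"host {host} is on the block list"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        try:
            ip = ipaddress.ip_address(resolver(host))
        except (OSError, ValueError):
            return False, f"cannot resolve {host}"
    # Link-local (IMDS), private, loopback and reserved ranges are all non-global.
    if not ip.is_global:
        return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


def accept_response(status, headers):
    """Post-connect check, the fix the article describes: any 3xx is rejected, never followed."""
    if 300 <= status <= 399:
        return False, f"redirect status {status} rejected (Location: {headers.get('Location')})"
    if status != 200:
        return False, f"unexpected status {status}"
    return True, "ok"


def fetch_following_redirects(url, transport, resolver=socket.gethostbyname, max_hops=3):
    """Vulnerable pattern: validates only the supplied URL, then follows redirects blindly."""
    ok, reason = validate_endpoint(url, resolver)
    if not ok:
        return False, reason, b""
    for _ in range(max_hops):
        status, headers, body = transport(url)
        if 300 <= status <= 399 and "Location" in headers:
            url = headers["Location"]  # the redirect target is never validated
            continue
        return True, f"fetched {url}", body
    return False, "too many redirects", b""


def fetch_hardened(url, transport, resolver=socket.gethostbyname):
    """Hardened pattern: validate the endpoint, issue exactly one request, reject any redirect."""
    ok, reason = validate_endpoint(url, resolver)
    if not ok:
        return False, reason, b""
    status, headers, body = transport(url)
    ok, reason = accept_response(status, headers)
    if not ok:
        return False, reason, b""
    return True, reason, body


def constructed_transport(url):
    # Constructed stand-in for an HTTP client so the example runs offline: the
    # tenant-controlled endpoint answers with a redirect toward the metadata service.
    if url.startswith("https://tenant-endpoint.example/"):
        return 302, {"Location": "http://169.254.169.254/metadata/"}, b""
    if url.startswith("http://169.254.169.254/"):
        return 200, {}, b'{"constructed": "this body would be internal metadata"}'
    return 200, {}, b'{"resourceType": "Patient"}'


def fake_resolver(host):
    # Constructed resolver: every hostname resolves to a public (global) address.
    return "93.184.216.34"


if __name__ == "__main__":
    url = "https://tenant-endpoint.example/fhir/Patient"
    print("naive:   ", fetch_following_redirects(url, constructed_transport, fake_resolver))
    print("hardened:", fetch_hardened(url, constructed_transport, fake_resolver))
```

Note that the pre-connect check alone is not enough: 168.63.129.16 sits in a public range and passes an `is_global` test, which is why the explicit block list exists, and none of the pre-connect checks help once a redirect is followed, which is why `accept_response` refuses every 3xx rather than re-validating the `Location` target.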
Tenable notes that these vulnerabilities are not in the AI models themselves but in the underlying chatbot infrastructure, and says the smart approach to securing the AI attack surface is to focus on basic, foundational cyber hygiene and well-established best practices, such as applying traditional web application and cloud security mechanisms to AI-powered services.