CVE-2024-38108: Azure Stack Hub Spoofing Vulnerability

Overview

Severity: Critical (CVSS 9.3)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Category: Spoofing
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2024-Aug
Released: 2024-08-13
EPSS Score: 1.15% (percentile: 78.5%)

FAQ

How could an attacker exploit this vulnerability?

A cross-site scripting vulnerability existed in the virtual public IP address and affected related endpoints. For more information on the affected virtual public IP address, see: What is IP address 168.63.129.16? | Microsoft Learn. An unauthenticated attacker could exploit this vulnerability by getting the victim to load malicious code into the web browser on the virtual machine, allowing the attacker to leverage the implicit identity of the virtual machine. The victim's web browser would then determine which host endpoints are accessible.

According to the CVSS metrics, user interaction is required (UI:R). What interaction would a user have to perform?

A user (victim) logged on to a virtual machine would need to be tricked into having the virtual machine explicitly download and execute malicious code in their web browser.

According to the CVSS metric, successful exploitation of this vulnerability could lead to a scope change (S:C). What does this mean for this vulnerability?

By sending a specially crafted request to the vulnerable virtual public IP address, the attacker is able to load malicious code into the victim's browser without having any direct access or connection to it.

Affected Products (1)

Azure

  • Azure Stack Hub

Security Updates (1)

Acknowledgments

Felix Boulet with Centre gouvernemental de cyberdéfense (CGCD) (https://www.cyber.gouv.qc.ca/), Mathieu Fiore Laroche with Centre gouvernemental de cyberdéfense (CGCD) (https://www.cyber.gouv.qc.ca/)

Revision History

  • 2024-08-13: Information published.