services / Azure / Private DNS SRV record set

An SRV (service-location) record set within an Azure Private DNS zone, which advertises the host and port of internal services (e.g. LDAP, SIP, Kerberos) for resources in linked virtual networks.

SRV records direct service-discovery clients to host/port endpoints; manipulating them can redirect client traffic to attacker-controlled endpoints.


Microsoft.Network/privateDnsZones/SRV/write

Creating or replacing an SRV record set lets the holder point a service name at any host and port of their choosing, so every client that discovers that service through the private zone (LDAP, Kerberos, SIP and similar) is steered to an endpoint the attacker controls. The target only has to be resolvable from the linked virtual networks, the change takes effect as soon as cached answers expire, and clients that do not verify the server's identity (plain LDAP rather than LDAPS with certificate validation, for example) connect without complaint. Writes through this operation are control-plane calls and are recorded in the Azure Activity Log, which is where unexpected callers should be alerted on.
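As an added illustration, not part of the catalog entry, the following Python script performs the two checks a practitioner would want after a suspected SRV write: it flags SRV targets that point outside the expected internal domain, and it flags successful `Microsoft.Network/privateDnsZones/SRV/write` events in the Activity Log from principals that are not on an allowlist. The JSON inputs are constructed to mirror the shape of `az network private-dns record-set srv list` and `az monitor activity-log list` output; the field names (`srvRecords`, `operationName.value`, `status.value`, `caller`), the zone name, the callers and the hostnames are assumptions made for the example.

```python
"""Audit SRV record sets in an Azure Private DNS zone and the Activity Log for
writes through Microsoft.Network/privateDnsZones/SRV/write.

Added example; not code from the IAM Privilege Catalog. The JSON below is
constructed to look like `az network private-dns record-set srv list -o json`
and `az monitor activity-log list -o json` output (field names assumed), so the
script runs offline.
"""
import json

SRV_WRITE_OP = "Microsoft.Network/privateDnsZones/SRV/write"
ZONE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-dns/providers/Microsoft.Network/privateDnsZones/corp.internal")

# Constructed record sets. The second _ldap._tcp target is the kind of entry an
# SRV write could insert; "." on _sip._tcp is the RFC 2782 "no service" marker.
SRV_RECORD_SETS_JSON = """[
 {"name": "_ldap._tcp", "fqdn": "_ldap._tcp.corp.internal.", "ttl": 3600,
  "srvRecords": [
   {"priority": 0, "weight": 100, "port": 389, "target": "dc1.corp.internal"},
   {"priority": 0, "weight": 100, "port": 389, "target": "ldap.attacker-controlled.example"}]},
 {"name": "_kerberos._tcp", "fqdn": "_kerberos._tcp.corp.internal.", "ttl": 3600,
  "srvRecords": [
   {"priority": 0, "weight": 100, "port": 88, "target": "dc1.corp.internal"}]},
 {"name": "_sip._tcp", "fqdn": "_sip._tcp.corp.internal.", "ttl": 3600,
  "srvRecords": [
   {"priority": 0, "weight": 0, "port": 0, "target": "."}]}
]"""

# Constructed Activity Log events (subset of fields).
ACTIVITY_LOG_JSON = json.dumps([
    {"eventTimestamp": "2024-05-01T10:02:11Z", "caller": "dns-automation@contoso.onmicrosoft.com",
     "operationName": {"value": SRV_WRITE_OP}, "status": {"value": "Succeeded"},
     "resourceId": ZONE_ID + "/SRV/_kerberos._tcp"},
    {"eventTimestamp": "2024-05-01T14:37:48Z", "caller": "jdoe@contoso.com",
     "operationName": {"value": SRV_WRITE_OP.upper()}, "status": {"value": "Succeeded"},
     "resourceId": ZONE_ID + "/SRV/_ldap._tcp"},
    {"eventTimestamp": "2024-05-01T14:40:02Z", "caller": "jdoe@contoso.com",
     "operationName": {"value": SRV_WRITE_OP}, "status": {"value": "Failed"},
     "resourceId": ZONE_ID + "/SRV/_kerberos._tcp"},
    {"eventTimestamp": "2024-05-01T15:00:00Z", "caller": "jdoe@contoso.com",
     "operationName": {"value": "Microsoft.Network/privateDnsZones/A/write"},
     "status": {"value": "Succeeded"}, "resourceId": ZONE_ID + "/A/web"},
])

ALLOWED_TARGET_SUFFIXES = ("corp.internal",)          # assumed internal domain
ALLOWED_SRV_WRITERS = {"dns-automation@contoso.onmicrosoft.com"}  # assumed


def _norm(host):
    """Lower-case and strip the trailing dot so 'a.b.' and 'A.B' compare equal."""
    return host.rstrip(".").lower()


def unexpected_srv_targets(record_sets, allowed_suffixes):
    """Return (fqdn, target, port) for each SRV target not under an allowed suffix.

    A target of "." means "service not available" (RFC 2782); it is not a
    redirect, so it is skipped rather than reported.
    """
    allowed = tuple(_norm(s) for s in allowed_suffixes)
    findings = []
    for rs in record_sets:
        fqdn = _norm(rs["fqdn"])
        for rec in rs.get("srvRecords", []):
            target = _norm(rec["target"])
            if target == "":
                continue
            if not any(target == a or target.endswith("." + a) for a in allowed):
                findings.append((fqdn, target, rec["port"]))
    return findings


def suspicious_srv_writes(events, allowed_callers):
    """Successful SRV writes by principals outside the allowlist.

    Operation names are compared case-insensitively because the Activity Log
    does not return them in one consistent case.
    """
    allowed = {c.lower() for c in allowed_callers}
    return [
        {"time": e["eventTimestamp"], "caller": e["caller"], "resourceId": e["resourceId"]}
        for e in events
        if e["operationName"]["value"].lower() == SRV_WRITE_OP.lower()
        and e["status"]["value"] == "Succeeded"
        and e["caller"].lower() not in allowed
    ]


def audit():
    """Run both checks over the constructed samples and return the findings."""
    record_sets = json.loads(SRV_RECORD_SETS_JSON)
    events = json.loads(ACTIVITY_LOG_JSON)
    return (unexpected_srv_targets(record_sets, ALLOWED_TARGET_SUFFIXES),
            suspicious_srv_writes(events, ALLOWED_SRV_WRITERS))


if __name__ == "__main__":
    targets, writes = audit()
    for fqdn, target, port in targets:
        print(f"SRV {fqdn} -> {target}:{port} is outside the allowed domain")
    for w in writes:
        print(f"{w['time']} {w['caller']} wrote {w['resourceId']}")
```

To run it against a real zone, replace the two constructed JSON strings with the output of `az network private-dns record-set srv list -g <rg> -z <zone> -o json` and `az monitor activity-log list --resource-id <zone-id> -o json`; the allowlist of writers should be the automation identities that are expected to manage the zone, and nothing else.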

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.Network
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog