Traffic Manager Azure endpoint

A Traffic Manager Azure endpoint is a configured backend target (an Azure resource) within a Traffic Manager profile that receives DNS-routed traffic. It defines part of a public-facing service's routing.

Endpoint configuration determines where a public domain's traffic is directed.


Microsoft.Network/trafficManagerProfiles/azureEndpoints/write

Adding/updating an endpoint changes where the profile's DNS name routes traffic, letting an attacker redirect domain traffic to a controlled target (hijack), alter routing config, or disable a legitimate endpoint to deny service.

Risks

Scope: HIGH

This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.

Links

  • https://azure.permissions.cloud/iam/Microsoft.Network
  • https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
  • Contributed by P0 Security

    © 2023–present P0 Security and contributors to the IAM Privilege Catalog