services / Azure / Traffic Manager profile
An Azure Traffic Manager profile is a DNS-based global traffic load balancer that routes client requests for a public DNS name to a set of backend endpoints according to a routing method. It fronts a production internet-facing service.
Controlling a profile controls where a public domain's traffic resolves, making it a domain/traffic-routing asset.
Microsoft.Network/trafficManagerProfiles/write
Creating/updating a profile lets an attacker rewrite DNS-based routing and endpoints, redirecting the profile's domain traffic to attacker-controlled targets (domain hijack) or disabling endpoints to deny service.
Risks
Scope: HIGH
This privilege may grant access to sensitive data from a single organizational function, or allow interruption of a service supporting a single organizational function.
Links
Contributed by P0 Security