Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, following responsible disclosure by Akamai on July 13, 2023.
“The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said in a technical write-up shared with The Hacker News. “To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster.”
Amazon Web Services (AWS), Google Cloud, and Microsoft Azure have all released advisories for the bugs, which impact the following versions of Kubelet:
- kubelet < v1.28.1
- kubelet < v1.27.5
- kubelet < v1.26.8
- kubelet < v1.25.13, and
- kubelet < v1.24.17
In a nutshell, CVE-2023-3676 allows an attacker with 'apply' privileges (that is, the ability to create or update objects through the Kubernetes API) to inject arbitrary code that is executed on remote Windows machines with SYSTEM privileges.
“CVE-2023-3676 requires low privileges and, therefore, sets a low bar for attackers: All they need to have is access to a node and apply privileges,” Peled noted.
The vulnerability, along with CVE-2023-3955, arises from a lack of input sanitization: a specially crafted path string taken from the Pod definition is passed as a parameter to a PowerShell command, and because the string ends up inside PowerShell script text rather than being handled as opaque data, any expression syntax it contains is interpreted, effectively leading to command execution.
CVE-2023-3893, on the other hand, is a privilege escalation issue in the Container Storage Interface (CSI) proxy that allows a malicious actor to obtain administrator access on the node.
“A recurring theme among these vulnerabilities is a lapse in input sanitization in the Windows-specific porting of the Kubelet,” Kubernetes security platform ARMO highlighted last month.
“Specifically, when handling Pod definitions, the software fails to adequately validate or sanitize user inputs. This oversight enables malicious users to craft pods with environment variables and host paths that, when processed, lead to undesired behaviors, such as privilege escalation.”
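The pattern described above (a hostPath string from a Pod definition spliced into a PowerShell command) and ARMO's point about sanitizing Pod inputs, shown as an added illustration in Go, the kubelet's language. This is example code written for this article, not Akamai's proof of concept, ARMO's code, the kubelet's actual implementation or the upstream fix. It places the vulnerable construction (untrusted path interpolated into script text) beside a hardened one (constant script text, path delivered out of band through an environment variable, plus an allowlist check as defence in depth). The sample paths, the `KUBELET_HOSTPATH` variable name and the `Get-Item ... LinkType` probe are constructed for the example.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"runtime"
	"strings"
)

// Constructed sample values standing in for a Pod's spec.volumes[].hostPath.path.
// They illustrate the class of input, not any published proof of concept.
const (
	benignPath  = `C:\data\logs`
	hostilePath = `C:\$(whoami)` // a PowerShell subexpression smuggled into a "path"
)

// psMetachars are characters that change how PowerShell parses script text.
// Rejecting them in a hostPath is defence in depth; ordinary Windows paths do not need them.
const psMetachars = "$`\"';|&(){}<>\r\n"

// validHostPath accepts only an absolute drive-letter path free of PowerShell metacharacters.
func validHostPath(p string) bool {
	if len(p) < 3 || p[1] != ':' || p[2] != '\\' {
		return false
	}
	c := p[0]
	if !(c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z') {
		return false
	}
	return !strings.ContainsAny(p, psMetachars)
}

// vulnerableScript mirrors the unsafe pattern: the untrusted path becomes part of the
// script text. PowerShell expands $(...) inside a double-quoted string while parsing the
// script, before Get-Item ever receives an argument, so -LiteralPath offers no protection.
// Returned as a string so the injected text can be inspected without running PowerShell.
func vulnerableScript(path string) string {
	return fmt.Sprintf(`(Get-Item -Force -LiteralPath "%s").LinkType`, path)
}

// hardenedScript is constant: the path is read from an environment variable at run time,
// so nothing attacker-controlled is ever parsed as script. KUBELET_HOSTPATH is a name
// chosen for this example.
func hardenedScript() string {
	return `(Get-Item -Force -LiteralPath $Env:KUBELET_HOSTPATH).LinkType`
}

// hardenedCommand validates the path and builds the PowerShell invocation with the path
// passed out of band. It constructs the command but does not run it.
func hardenedCommand(path string) (*exec.Cmd, error) {
	if !validHostPath(path) {
		return nil, fmt.Errorf("rejecting hostPath %q: not a plain absolute Windows path", path)
	}
	cmd := exec.Command("powershell", "-NoProfile", "-NonInteractive", "-Command", hardenedScript())
	cmd.Env = append(os.Environ(), "KUBELET_HOSTPATH="+path)
	return cmd, nil
}

func main() {
	fmt.Println("vulnerable script text built from the hostile path:")
	fmt.Println("  " + vulnerableScript(hostilePath)) // $(whoami) is now script, not data

	for _, p := range []string{benignPath, hostilePath} {
		cmd, err := hardenedCommand(p)
		if err != nil {
			fmt.Println("hardened:", err)
			continue
		}
		fmt.Printf("hardened: script %q with KUBELET_HOSTPATH=%s\n", cmd.Args[len(cmd.Args)-1], p)
		if runtime.GOOS == "windows" { // only a Windows node has powershell.exe
			out, runErr := cmd.CombinedOutput()
			fmt.Printf("  output: %s err: %v\n", strings.TrimSpace(string(out)), runErr)
		}
	}
}
```

Run it with `go run` on a Windows host to see the hardened command execute against a real path; elsewhere it only prints the script text, which is the point: the hardened script is identical for every input, while the vulnerable one carries the attacker's expression in script position. The allowlist alone would also block this particular sample, but the structural fix is keeping untrusted values out of the script text entirely.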