Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and affect all Kubernetes environments with Windows nodes. Fixes for the vulnerabilities were released on August 23, 2023, following responsible disclosure by Akamai on July 13, 2023.
“The vulnerability will allow remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled explained in a technical write-up shared with The Hacker News. “To exploit this vulnerability, the attacker needs to apply a malicious YAML file on the cluster.”
Amazon Web Services (AWS), Google Cloud, and Microsoft Azure have all released advisories for the bugs, which affect the following versions of kubelet:
- kubelet < v1.28.1
- kubelet < v1.27.5
- kubelet < v1.26.8
- kubelet < v1.25.13, and
- kubelet < v1.24.17
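As an added example (not code from the article, Akamai, or the Kubernetes project), the following Python script turns the version list above into a triage check: it reads the JSON that `kubectl get nodes -o json` produces, skips Linux nodes, and reports Windows nodes whose kubelet predates the first fixed release of its minor line. The `FIXED_KUBELET` table is derived from the versions listed above; the handling of minor lines outside that table and the sample NodeList are assumptions constructed for the example.

```python
import json
import re

# First patched kubelet release per minor line, derived from the advisory
# versions listed in the article (kubelet < v1.24.17, < v1.25.13, ...).
FIXED_KUBELET = {
    (1, 24): 17,
    (1, 25): 13,
    (1, 26): 8,
    (1, 27): 5,
    (1, 28): 1,
}

# Matches "v1.27.4", "1.27.4" and distribution-suffixed forms such as "v1.27.4-eks-...".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_kubelet_version(version: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from a kubelet version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised kubelet version: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return major, minor, patch


def is_vulnerable_kubelet(version: str) -> bool:
    """True if this kubelet predates the fixed release for its minor line."""
    major, minor, patch = parse_kubelet_version(version)
    line = (major, minor)
    if line in FIXED_KUBELET:
        return patch < FIXED_KUBELET[line]
    # Assumption: minor lines older than 1.24 received no patched release and
    # are treated as vulnerable; lines newer than 1.28 branched after the fix
    # landed and are treated as fixed.
    return line < (1, 24)


def vulnerable_windows_nodes(node_list_json: str) -> list[tuple[str, str]]:
    """Return (node name, kubelet version) for Windows nodes running a
    vulnerable kubelet, given the JSON output of `kubectl get nodes -o json`."""
    findings = []
    for node in json.loads(node_list_json).get("items", []):
        meta = node.get("metadata", {})
        info = node.get("status", {}).get("nodeInfo", {})
        # Only Windows nodes are affected by these three CVEs; skip the rest.
        os_name = info.get("operatingSystem") or meta.get("labels", {}).get("kubernetes.io/os")
        if os_name != "windows":
            continue
        ver = info.get("kubeletVersion", "")
        if is_vulnerable_kubelet(ver):
            findings.append((meta.get("name", "<unnamed>"), ver))
    return findings


# Constructed sample in the shape of a NodeList; not real cluster output.
SAMPLE_NODE_LIST = json.dumps({
    "kind": "NodeList",
    "items": [
        {"metadata": {"name": "linux-node-1", "labels": {"kubernetes.io/os": "linux"}},
         "status": {"nodeInfo": {"operatingSystem": "linux", "kubeletVersion": "v1.27.4"}}},
        {"metadata": {"name": "win-node-1", "labels": {"kubernetes.io/os": "windows"}},
         "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.27.4"}}},
        {"metadata": {"name": "win-node-2", "labels": {"kubernetes.io/os": "windows"}},
         "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.28.1"}}},
    ],
})

if __name__ == "__main__":
    for name, ver in vulnerable_windows_nodes(SAMPLE_NODE_LIST):
        print(f"{name}: kubelet {ver} needs upgrading")
```

Run it against real output with `kubectl get nodes -o json | python3 triage.py` after swapping the sample for `sys.stdin.read()`; the check is per-node because managed clusters often upgrade node pools independently, so a patched control plane says nothing about the kubelets.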
In a nutshell, CVE-2023-3676 allows an attacker with ‘apply’ privileges — which makes it possible to interact with the Kubernetes API — to inject arbitrary code that will be executed on remote Windows machines with SYSTEM privileges.
“CVE-2023-3676 requires minimal privileges and, for that reason, sets a minimal bar for attackers: All they need to have is access to a node and apply privileges,” Peled pointed out.
The vulnerability, along with CVE-2023-3955, occurs as a result of a lack of input sanitization, thereby enabling a specially crafted path string to be parsed as a parameter to a PowerShell command, effectively leading to command execution.
CVE-2023-3893, on the other hand, relates to a case of privilege escalation in the Container Storage Interface (CSI) proxy that enables a malicious actor to obtain administrator access on the node.
“A recurring theme among these vulnerabilities is a lapse in input sanitization in the Windows-specific port of the Kubelet,” Kubernetes security platform ARMO noted last month.
“Specifically, when handling Pod definitions, the software fails to sufficiently validate or sanitize user inputs. This oversight enables malicious users to craft pods with environment variables and host paths that, when processed, lead to undesired behaviors, such as privilege escalation.”
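Because the root cause described above is missing validation of host paths and environment variables in Pod definitions, a cluster operator can add that validation in front of the API server (for example in a validating admission webhook) while node pools are being upgraded. The following Python function is an added example of such a policy check, not code from the article, ARMO, or the Kubernetes project: it admits only Windows hostPath values that match a strict allowlist of drive letter plus ordinary path characters, and only inline env values drawn from a similarly conservative character set. The allowlist patterns, the use of the `kubernetes.io/os` node selector to identify Windows pods, and the sample manifests are assumptions made for this example.

```python
import re

# Allowlist for Windows hostPath values: a drive letter, then backslash-separated
# components of letters, digits, space, dot, underscore and hyphen. Anything
# outside the allowlist (quotes, semicolons, dollar signs, control characters,
# ...) is rejected, so the policy never has to enumerate "dangerous" characters.
WINDOWS_HOST_PATH_RE = re.compile(r"[A-Za-z]:\\(?:[A-Za-z0-9 ._-]+\\?)*")

# Allowlist for inline env values on Windows pods; chosen for this example and
# meant to be tightened or loosened to fit the workloads actually deployed.
ENV_VALUE_RE = re.compile(r"[A-Za-z0-9 ._:/\\,=@+-]*")


def targets_windows(spec: dict) -> bool:
    # Assumption: Windows workloads are pinned with the standard
    # kubernetes.io/os node selector; adapt if your cluster uses taints/affinity.
    return spec.get("nodeSelector", {}).get("kubernetes.io/os") == "windows"


def validate_pod(pod: dict) -> list[str]:
    """Return policy violations for a Pod manifest (an empty list means admit)."""
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    problems: list[str] = []
    # The three CVEs are specific to Windows nodes, so Linux pods pass untouched.
    if not targets_windows(spec):
        return problems

    for vol in spec.get("volumes", []):
        host_path = vol.get("hostPath")
        if host_path is None:
            continue
        path = host_path.get("path", "")
        # fullmatch (rather than match with "$") also rejects trailing newlines.
        if not WINDOWS_HOST_PATH_RE.fullmatch(path):
            problems.append(
                f"{name}: hostPath volume {vol.get('name')!r} has non-conforming path {path!r}"
            )

    for container in spec.get("containers", []) + spec.get("initContainers", []):
        for env in container.get("env", []):
            value = env.get("value")
            if value is None:
                continue  # valueFrom references carry no inline string to check
            if not ENV_VALUE_RE.fullmatch(value):
                problems.append(
                    f"{name}: container {container.get('name')!r} env {env.get('name')!r} "
                    f"has non-conforming value {value!r}"
                )
    return problems


# Constructed sample manifests (Python dicts in the shape of Pod objects).
CLEAN_POD = {
    "metadata": {"name": "win-app"},
    "spec": {
        "nodeSelector": {"kubernetes.io/os": "windows"},
        "volumes": [{"name": "data", "hostPath": {"path": r"C:\ProgramData\app"}}],
        "containers": [{"name": "app", "env": [{"name": "LOG_LEVEL", "value": "info"}]}],
    },
}

SUSPECT_POD = {
    "metadata": {"name": "win-suspect"},
    "spec": {
        "nodeSelector": {"kubernetes.io/os": "windows"},
        "volumes": [{"name": "data", "hostPath": {"path": "C:\\data; extra"}}],
        "containers": [{"name": "app", "env": [{"name": "GREETING", "value": 'say "hi"'}]}],
    },
}

if __name__ == "__main__":
    for pod in (CLEAN_POD, SUSPECT_POD):
        verdict = validate_pod(pod) or ["admitted"]
        print(pod["metadata"]["name"], "->", "; ".join(verdict))
```

An allowlist is deliberately used instead of a denylist of shell metacharacters: the article's point is that the kubelet passed these strings to PowerShell without sanitizing them, and a denylist written against one interpreter tends to miss the next encoding trick, whereas a narrow allowlist fails closed. Such a webhook is a stopgap; the actual fix is upgrading kubelet to the patched releases.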
Some parts of this article are sourced from:
thehackernews.com