New Kubernetes Vulnerabilities Allow Distant Assaults on Home windows Endpoints

Sep 13, 2023THNKubernetes / Cloud Safety

Three interrelated high-severity safety flaws found in Kubernetes might be exploited to attain distant code execution with elevated privileges on Home windows endpoints inside a cluster.

The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and affect all Kubernetes environments with Home windows nodes. Fixes for the vulnerabilities have been released on August 23, 2023, following accountable disclosure by Akamai on July 13, 2023.

“The vulnerability permits distant code execution with SYSTEM privileges on all Home windows endpoints inside a Kubernetes cluster,” Akamai safety researcher Tomer Peled said in a technical write-up shared with The Hacker Information. “To take advantage of this vulnerability, the attacker wants to use a malicious YAML file on the cluster.”

Amazon Web Services (AWS), Google Cloud, and Microsoft Azure have all launched advisories for the bugs, which have an effect on the next variations of Kubelet –

• kubelet < v1.28.1
• kubelet < v1.27.5
• kubelet < v1.26.8
• kubelet < v1.25.13, and
• kubelet < v1.24.17

In a nutshell, CVE-2023-3676 permits an attacker with ‘apply’ privileges — which makes it potential to work together with the Kubernetes API — to inject arbitrary code that might be executed on distant Home windows machines with SYSTEM privileges.

“CVE-2023-3676 requires low privileges and, subsequently, units a low bar for attackers: All they should have is entry to a node and apply privileges,” Peled famous.

The vulnerability, together with CVE-2023-3955, arises on account of an absence of enter sanitization, thereby enabling a specifically crafted path string to be parsed as a parameter to a PowerShell command, successfully resulting in command execution.

CVE-2023-3893, then again, pertains to a case of privilege escalation within the Container Storage Interface (CSI) proxy that permits a malicious actor to acquire administrator entry on the node.

“A recurring theme amongst these vulnerabilities is a lapse in enter sanitization within the Home windows-specific porting of the Kubelet,” Kubernetes safety platform ARMO highlighted final month.

“Particularly, when dealing with Pod definitions, the software program fails to adequately validate or sanitize consumer inputs. This oversight allows malicious customers to craft pods with setting variables and host paths that, when processed, result in undesired behaviors, reminiscent of privilege escalation.”