Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled said in a technical write-up shared with The Hacker News.
In a nutshell, CVE-2023-3676 allows an attacker with 'apply' privileges - which makes it possible to interact with the Kubernetes API - to inject arbitrary code that will be executed on remote Windows machines with SYSTEM privileges.
"CVE-2023-3676 requires low privileges and sets a low bar for attackers: All they need to have is access to a node and apply privileges," Peled noted.
"A recurring theme among these vulnerabilities is a lapse in input sanitization in the Windows-specific porting of the Kubelet," Kubernetes security platform ARMO highlighted last month.
News URL
https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-11-03 | CVE-2023-3893 | Unspecified vulnerability in Kubernetes CSI Proxy. A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. | 8.8
2023-10-31 | CVE-2023-3955 | Improper Input Validation vulnerability in Kubernetes. A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8
2023-10-31 | CVE-2023-3676 | Improper Input Validation vulnerability in Kubernetes. A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8