Security News > 2023 > September > Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints

Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
2023-09-13 14:05

Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.

The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.

"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled said in a technical write-up shared with The Hacker News.

In a nutshell, CVE-2023-3676 allows an attacker with 'apply' privileges - which makes it possible to interact with the Kubernetes API - to inject arbitrary code that will be executed on remote Windows machines with SYSTEM privileges.

"CVE-2023-3676 requires low privileges and sets a low bar for attackers: All they need to have is access to a node and apply privileges," Peled noted.

"A recurring theme among these vulnerabilities is a lapse in input sanitization in the Windows-specific porting of the Kubelet," Kubernetes Security platform ARMO highlighted last month.


News URL

https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-3893 Unspecified vulnerability in Kubernetes CSI Proxy
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes
8.8
2023-10-31 CVE-2023-3955 Improper Input Validation vulnerability in Kubernetes
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes CWE-20
8.8
2023-10-31 CVE-2023-3676 Improper Input Validation vulnerability in Kubernetes
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes.
network
low complexity
kubernetes CWE-20
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 5 45 34 8 92