Security News > 2023 > September > Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster.
The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled said in a technical write-up shared with The Hacker News.
In a nutshell, CVE-2023-3676 allows an attacker with 'apply' privileges - which makes it possible to interact with the Kubernetes API - to inject arbitrary code that will be executed on remote Windows machines with SYSTEM privileges.
"CVE-2023-3676 requires low privileges and sets a low bar for attackers: All they need to have is access to a node and apply privileges," Peled noted.
"A recurring theme among these vulnerabilities is a lapse in input sanitization in the Windows-specific porting of the Kubelet," Kubernetes Security platform ARMO highlighted last month.
News URL
https://thehackernews.com/2023/09/alert-new-kubernetes-vulnerabilities.html
Related news
- Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover (source)
- Over 90,000 LG Smart TVs may be exposed to remote attacks (source)
- Critical Rust flaw enables Windows command injection attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-3893 | Unspecified vulnerability in Kubernetes CSI Proxy A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. | 8.8 |
| 2023-10-31 | CVE-2023-3955 | Improper Input Validation vulnerability in Kubernetes A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8 |
| 2023-10-31 | CVE-2023-3676 | Improper Input Validation vulnerability in Kubernetes A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8 |