Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)
Three high-severity Kubernetes vulnerabilities could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster.
"The Kubernetes framework uses YAML files for basically everything - from configuring the Container Network Interface to pod management and even secret handling," Peled explained.
The vulnerability can be exploited on default installations of Kubernetes and is a result of insufficient input sanitization on Windows nodes that leads to privilege escalation.
As Peled demonstrated, an attacker with privileges required to interact with the Kubernetes API can exploit this flaw to inject code that will be executed on remote Windows machines with SYSTEM privileges.
The three vulnerabilities affect all Kubernetes versions below v1.28.
The Kubernetes team has also explained how CVE-2023-3676 exploitation can be detected by analyzing Kubernetes audit logs: "Pod create events with embedded powershell commands are a strong indication of exploitation. Config maps and secrets that contain embedded powershell commands and are mounted into pods are also a strong indication of exploitation."
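One way to run the audit-log check quoted above, as an added example (not code from the Kubernetes project or the article). The regex indicators, function names and sample events are assumptions constructed for illustration, and the scan flags ConfigMap and Secret writes without correlating them to pod mounts.

```python
import base64, json, re

# Heuristic PowerShell indicators (assumed; tune per environment). "$(Verb-Noun" is
# matched instead of bare "$(" because Kubernetes uses $(VAR_NAME) for expansion.
PS_PATTERN = re.compile(
    r"\$\(\s*[A-Za-z]+-[A-Za-z]+|\b(?:powershell|pwsh)(?:\.exe)?\b"
    r"|\bInvoke-Expression\b|\biex\b|-enc(?:odedcommand)?\b", re.IGNORECASE)
WRITES = {"create", "update", "patch"}
WATCHED = {"pods": {"create"}, "configmaps": WRITES, "secrets": WRITES}

def walk_strings(node, path):
    """Yield (json_path, string) for every string value in a decoded object."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from walk_strings(value, f"{path}.{key}")

def decode_secret(value):
    """Secret .data values are base64; return decoded text, or the raw value."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return value

def scan_audit_lines(lines):
    """Yield (resource, namespace, name, user, path) per suspicious string."""
    for line in lines:
        event = json.loads(line)
        ref = event.get("objectRef") or {}
        resource = ref.get("resource")
        if event.get("verb") not in WATCHED.get(resource, ()):
            continue
        # requestObject is only logged at audit level Request or RequestResponse.
        for path, text in walk_strings(event.get("requestObject") or {}, "requestObject"):
            if resource == "secrets" and path.startswith("requestObject.data."):
                text = decode_secret(text)
            if PS_PATTERN.search(text):
                yield (resource, ref.get("namespace"), ref.get("name"),
                       (event.get("user") or {}).get("username"), path)

# Constructed sample events (not real logs): benign $(VAR) expansion, then two hits.
_T = ('{"verb":"%s","user":{"username":"dev"},"objectRef":{"resource":"%s",'
      '"namespace":"ns","name":"%s"},"requestObject":%s}')
SAMPLE = [
    _T % ("create", "pods", "ok", '{"spec":{"containers":[{"env":[{"value":"$(POD_NAME)"}]}]}}'),
    _T % ("create", "pods", "odd", '{"metadata":{"annotations":{"note":"$(Get-Date)"}}}'),
    _T % ("update", "secrets", "cfg",
          '{"data":{"run":"%s"}}' % base64.b64encode(b"pwsh -c Get-Date").decode())]
```

Feed it the API server's JSON-lines audit log, one event per line; Windows workloads that legitimately invoke PowerShell will also match, so treat findings as leads to triage.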
News URL
https://www.helpnetsecurity.com/2023/09/18/cve-2023-3676/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2023-10-31 | CVE-2023-3676 | Improper Input Validation vulnerability in Kubernetes. A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8