Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)
Three high-severity Kubernetes vulnerabilities could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster.
"The Kubernetes framework uses YAML files for basically everything - from configuring the Container Network Interface to pod management and even secret handling," Peled explained.
The vulnerability can be exploited on default installations of Kubernetes and is a result of insufficient input sanitization on Windows nodes that leads to privilege escalation.
As Peled demonstrated, an attacker with the privileges required to interact with the Kubernetes API can exploit this flaw to inject code that will be executed on remote Windows machines with SYSTEM privileges.
The three vulnerabilities affect all Kubernetes versions below v1.28.
The Kubernetes team has also explained how CVE-2023-3676 exploitation can be detected by analyzing Kubernetes audit logs: "Pod create events with embedded powershell commands are a strong indication of exploitation. Config maps and secrets that contain embedded powershell commands and are mounted into pods are also a strong indication of exploitation."
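One way to apply the audit-log guidance above, as an added example that is not from the article or the Kubernetes project: a field-agnostic scan of audit events (JSON lines) for create requests on pods, config maps and secrets. The indicator pattern, the helper names and the sample events are assumptions made here; request bodies appear in the log only when the audit policy records them (Request level or higher).

```python
import base64, json, re

# Heuristic indicators: assumptions of this sketch, not an official signature list.
# "$(" counts unless it is a plain Kubernetes "$(VAR_NAME)" reference.
PS_HINTS = re.compile(
    r"\$\((?![A-Za-z_]\w*\))|\bpowershell(\.exe)?\b|\bpwsh\b|Invoke-Expression|\biex\b", re.I)
WATCHED = {"pods", "configmaps", "secrets"}

def strings(node, path=""):
    """Yield (json_path, text) for every string inside a decoded JSON value."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, (dict, list)):
        items = node.items() if isinstance(node, dict) else enumerate(node)
        for key, value in items:
            yield from strings(value, f"{path}/{key}")

def plain(value):  # Secret .data values are base64; decode so the pattern sees plaintext
    try:
        return base64.b64decode(value).decode("utf-8", "replace")
    except (ValueError, TypeError):
        return str(value)

def scan(lines):
    """Yield (resource, username, json_path); json_path is None when no body was logged."""
    for line in lines:
        ev = json.loads(line)
        ref = ev.get("objectRef") or {}
        res, who = ref.get("resource"), (ev.get("user") or {}).get("username")
        if (ev.get("verb") != "create" or ev.get("stage") != "ResponseComplete"
                or ref.get("subresource") or res not in WATCHED):
            continue
        body = ev.get("requestObject")
        if body is None:  # Metadata-level audit policy: content cannot be inspected
            yield res, who, None
            continue
        if res == "secrets":
            body = {**body, "data": {k: plain(v) for k, v in (body.get("data") or {}).items()}}
        yield from ((res, who, p) for p, t in strings(body) if PS_HINTS.search(t))

# Constructed sample events (not real logs); the marker strings are harmless.
def make_event(res, user, body):
    return json.dumps({"stage": "ResponseComplete", "verb": "create", "user": {"username": user},
                       "objectRef": {"resource": res}, "requestObject": body})
SAMPLE = [
    make_event("pods", "dev-a", {"spec": {"containers": [{"env": [{"name": "X", "value": "$(HOME_DIR)/bin"}]}]}}),
    make_event("pods", "dev-b", {"spec": {"containers": [{"env": [{"name": "X", "value": "a$(Get-Date)"}]}]}}),
    make_event("secrets", "dev-c", {"data": {"cfg": base64.b64encode(b"powershell -c Get-Date").decode()}})]
```

`list(scan(SAMPLE))` reports the second pod and the secret with the JSON path of the matching string; a finding whose path is `None` cannot be judged from the log alone, because the body was not recorded.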
News URL
https://www.helpnetsecurity.com/2023/09/18/cve-2023-3676/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-31 | CVE-2023-3676 | Improper Input Validation vulnerability in Kubernetes. A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. | 8.8 |