A set of vulnerabilities in the Azure Container Instances (ACI) platform could have allowed users to escape their particular instance and gain control of the container-as-a-service (CaaS) infrastructure, Palo Alto Networks researchers reported on September 9.
The attack exploited a two-year-old vulnerability in a component of container infrastructure that is used to create new containers and run them. Exploiting the vulnerability allowed Palo Alto Networks' vulnerability researchers to escape from Azure's multi-tenant public cloud environment and gain control of the Kubernetes management system.
This is the first time that a complete takeover of a public cloud system has been demonstrated, says Ariel Zelivansky, leader of Palo Alto Networks' Unit 42 cloud research team.
"What we found is a vulnerability that escalates privileges to a cluster administrator which gives you access to anything you want in Kubernetes," he says. "It is essentially the Holy Grail of cloud security attacks."
The vulnerabilities, which Palo Alto Networks dubbed "Azurescape," were patched by Microsoft in late August after being notified by the security firm. Microsoft issued notifications to customers whose containers resided in the same clusters as the researchers' cloud infrastructure, the company stated in an advisory.
"Our investigation surfaced no unauthorized access to customer data," Microsoft said. "Out of an abundance of caution we notified customers with containers running on the same clusters as the researchers via Service Health Notifications in the Azure Portal."
Researchers discovered the issue by analyzing Azure's infrastructure using a container image known as WhoC, which uses analysis and security weaknesses to gather information about the host's container runtime. When researchers ran the container image in Microsoft's Azure service, they were "surprised" to find that Microsoft continued to use a five-year-old version of RunC.
"Once we discovered the presence of this old version of runC in ACI, we took the PoC container image developed then, polished it and deployed it to ACI," the researchers stated in a technical post on their findings. "We successfully broke out of our container and gained a reverse shell running as root on the underlying host, which turned out to be a Kubernetes node."
Using their access to the environment, which continued to limit them to a single tenant space, researchers then reconnoitered using a variety of test containers and tools, finding that the Kubernetes clusters were running older versions of the software with known vulnerabilities. The Palo Alto Networks team used the vulnerabilities to gain administrator rights on the cluster of systems.
In a blog post, Palo Alto Networks characterized the flaw as "the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service."
In late August, cloud-security firm Wiz.io discovered a vulnerability in how Microsoft Azure deployed the Jupyter Notebooks data analysis environment to users of its Cosmos DB database service, resulting in inadvertently giving users the ability to escape from their environment and access the data of other Cosmos DB users.
However, that attack did not give the researchers the ability to control the host systems, which the Azurescape attack chain does, Zelivansky says.
"A complete takeover has not been achieved before in the public cloud ever," he says. "There have been data leaks and accessing other tenants' information, but we are able to execute code in the context of other organizations ... and on the platform itself."
While companies and cloud users can do little to prevent the exploitation of such vulnerabilities—that is the purview of the cloud provider—they can detect the abuse of the cloud infrastructure, Zelivansky says. He recommended that companies analyzing their containers running in cloud infrastructure be aware of containers acting strangely. Cryptominers, the most common payload in such environments, are easy to detect if companies are looking at the runtime behavior.
Microsoft recommended that companies notified as potentially affected by the vulnerability should revoke and rotate any administrative credentials issued before August 31, 2021.
"If you have any concerns, rotating privileged credentials is a good periodic security practice and would be an effective precautionary measure," the company stated in its advisory.
In addition, companies should also follow the Azure security baseline practices for containers, Microsoft said.