Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns

Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges.

Akamai has released a new report flagging the two Kubernetes vulnerabilities, and urged system administrators to take immediate steps to mitigate.

The find was built on previous research into Windows nodes vulnerability CVE-2023-3676 reported last July, according to the Akamai report. Subsequent analysis by Akamai found that once a cyber attacker exploits the Windows nodes flaw, they could pivot to take advantage of these additional command injection bugs, tracked under CVE-2023-3893 and 2023-3955. Both follow-on flaws share the same cause, according to the researchers, "insecure function call and lack of user input sanitization."

In order to exploit the two Kubernetes vulnerabilities, cyber attackers would simply need to inject a malicious YAML (YAML Ain't Markup Language) file into the cluster, the report added.

"CVE-2023-3676 requires low privileges and, therefore, sets a low bar for attackers: All they need to have is access to a node and apply privileges," the report said. "Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with system privileges."