Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns
All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.
Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges.
Akamai has released a new report flagging the two Kubernetes vulnerabilities and urged system administrators to take immediate steps to mitigate them.
The finding builds on previous research into the Windows-node vulnerability CVE-2023-3676, reported last July, according to the Akamai report. Subsequent analysis by Akamai found that once a cyber attacker exploits the Windows-node flaw, they could pivot to take advantage of these additional command injection bugs, tracked as CVE-2023-3893 and CVE-2023-3955. Both follow-on flaws share the same root cause, according to the researchers: an "insecure function call and lack of user input sanitization."
To exploit the two Kubernetes vulnerabilities, cyber attackers would only need to apply a malicious YAML (YAML Ain't Markup Language) file to the cluster, the report added.
"CVE-2023-3676 requires low privileges and, therefore, sets a low bar for attackers: All they need to have is access to a node and apply privileges," the report said. "Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with system privileges."