All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.

Dark Reading Staff, Dark Reading

September 13, 2023

1 Min Read
Concept image with shipping containers to illustrate cloud storage
Source: Sergey Novikov via Alamy Stock Photo

Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges.

Akamai has released a new report flagging the two Kubernetes vulnerabilities, and urged system administrators to take immediate steps to mitigate.

The find was built on previous research into Windows nodes vulnerability CVE-2023-3676 reported last July, according to the Akamai report. Subsequent analysis by Akamai found that once a cyber attacker exploits the Windows nodes flaw, they could pivot to take advantage of these additional command injection bugs, tracked under CVE-2023-3893 and 2023-3955. Both follow-on flaws share the same cause, according to the researchers, "insecure function call and lack of user input sanitization."

In order to exploit the two Kubernetes vulnerabilities, cyber attackers would simply need to inject a malicious YAML (YAML Ain't Markup Language) file into the cluster, the report added.

"CVE-2023-3676 requires low privileges and, therefore, sets a low bar for attackers: All they need to have is access to a node and apply privileges," the report said. "Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with system privileges."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights