KUBERNETES FLAWS COULD LEAD TO REMOTE CODE EXECUTION ON WINDOWS ENDPOINTS

From securityaffairs.com

Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893, and CVE-2023-3955 (CVSS 8.8). All three vulnerabilities were caused by insecure function call and the lack of user input sanitization.

The vulnerability can be exploited to gain remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. An attacker can trigger the issue by applying a malicious YAML file on the cluster.

The vulnerability impacts default installations of Kubernetes and was tested against both on-prem deployments and Azure Kubernetes Service.

The researchers noticed that the presence of “exec.Command” combined with unsanitized user-supplied could have created the condition for a command injection.

PowerShell allows users to evaluate values inside strings before they are used.

Read more…