Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns

Published: 23/11/2024   Category: security

All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.



Two new high-severity Kubernetes vulnerabilities leave all Windows endpoints on an unpatched cluster open to remote code execution (RCE) with system privileges.

Akamai has released a new report flagging the two Kubernetes vulnerabilities and urged system administrators to take immediate steps to mitigate.

The find was built on previous research into the Windows nodes vulnerability CVE-2023-3676, reported last July, according to the Akamai report. Subsequent analysis by Akamai found that once a cyber attacker exploits the Windows nodes flaw, they could pivot to take advantage of these additional command injection bugs, tracked as CVE-2023-3893 and CVE-2023-3955. Both follow-on flaws share the same root cause, according to the researchers: an insecure function call and a lack of user input sanitization.

In order to exploit the two Kubernetes vulnerabilities, cyber attackers would simply need to inject a malicious YAML (YAML Ain't Markup Language) file into the cluster, the report added.

"CVE-2023-3676 requires low privileges and, therefore, sets a low bar for attackers: All they need to have is access to a node and apply privileges," the report said. "Successful exploitation of this vulnerability will lead to remote code execution on any Windows node on the machine with system privileges."
