Kubernetes RCE Vulnerability Allows the Takeover of Windows Nodes

A high-severity flaw in Kubernetes could allow attackers to execute code remotely and take over Windows nodes in a cluster. Find out more about the threat and its implications for Kubernetes users.

March 15, 2024

  • A security flaw in Kubernetes lets bad actors run remote code execution attacks to gain system privileges on Windows systems, allowing complete takeovers of nodes in a cluster.
  • The vulnerability, CVE-2023-5528, allows the manipulation of Kubernetes volumes, enabling escalation to admin privileges on targeted nodes.

A security flaw has been discovered in the Kubernetes container-management system that allows threat actors to remotely execute code on Windows endpoints with system privileges. The vulnerability potentially allows for the complete takeover of Windows nodes in a cluster. The exploit is easy to carry out, by applying YAML files and modifying parameters.

The bug, CVE-2023-5528, was discovered by a security researcher from Akamai. It has a CVSS rating of 7.2. Bad actors can exploit the vulnerability by manipulating Kubernetes volumes, a popular feature allowing data sharing between a cluster’s pods. Attackers can create persistent volumes and pods on targeted Windows nodes, which gives them admin privileges.


Kubernetes installations running with default settings on versions earlier than 1.28.4 are susceptible to such attacks, in both on-prem deployments and Azure Kubernetes Service. The Kubernetes team has recommended that users apply a patch to mitigate the threat. However, the flaw will likely be exploited in the wild owing to the problem in the product’s source code.

However, attackers can only affect Kubernetes clusters where in-tree storage plugins are used for Windows nodes. Poor sanitization of user input and weak security around function calls are the key factors that allow attackers to leverage the bug. It highlights the attack strategy of targeting storage management plugins instead of the Kubernetes core code, owing to differences in security strategies. Developers must keep an inventory of integrations and plugins so they can make prompt decisions on vulnerability patches and minimize such threats.
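The inventory check this implies can be scripted. The following is an added example, not code from the article or the Kubernetes project: it reads the JSON that `kubectl get nodes -o json` and `kubectl get pv -o json` produce and reports Windows nodes older than 1.28.4 together with volumes not served by a CSI driver. The sample data is constructed, 1.28.4 is the only version threshold the article gives, and treating every non-CSI volume source as an in-tree plugin is a simplifying assumption.

```python
import json
import re

FIXED = (1, 28, 4)  # the article's threshold: versions earlier than 1.28.4
# PersistentVolume spec fields that are settings rather than volume sources
NON_SOURCE = {"accessModes", "capacity", "claimRef", "mountOptions", "nodeAffinity",
              "persistentVolumeReclaimPolicy", "storageClassName", "volumeMode",
              "volumeAttributesClassName"}

def kubelet_version(text):
    """Parse 'v1.27.3' or 'v1.28.4+build.1' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised kubelet version: {text!r}")
    return tuple(int(p) for p in m.groups())

def windows_nodes_below_fix(node_list):
    """Names of Windows nodes whose kubelet is older than FIXED."""
    hits = []
    for node in node_list.get("items", []):
        info = node["status"]["nodeInfo"]
        labels = node["metadata"].get("labels", {})
        os_name = labels.get("kubernetes.io/os", info.get("operatingSystem"))
        if os_name == "windows" and kubelet_version(info["kubeletVersion"]) < FIXED:
            hits.append(node["metadata"]["name"])
    return hits

def non_csi_volumes(pv_list):
    """(name, source) for each PersistentVolume not backed by a CSI driver."""
    hits = []
    for pv in pv_list.get("items", []):
        sources = set(pv["spec"]) - NON_SOURCE
        hits += [(pv["metadata"]["name"], s) for s in sorted(sources) if s != "csi"]
    return hits

def exposed(node_list, pv_list):
    """True when both conditions the article names are present in the cluster."""
    return bool(windows_nodes_below_fix(node_list)) and bool(non_csi_volumes(pv_list))

# Constructed sample data in the shape kubectl returns
NODES = json.loads("""{"items": [
 {"metadata": {"name": "win-a", "labels": {"kubernetes.io/os": "windows"}}, "status": {"nodeInfo": {"kubeletVersion": "v1.27.3"}}},
 {"metadata": {"name": "win-b", "labels": {"kubernetes.io/os": "windows"}}, "status": {"nodeInfo": {"kubeletVersion": "v1.28.4"}}},
 {"metadata": {"name": "linux-a", "labels": {"kubernetes.io/os": "linux"}}, "status": {"nodeInfo": {"kubeletVersion": "v1.26.1"}}}]}""")
PVS = json.loads("""{"items": [
 {"metadata": {"name": "pv-data"}, "spec": {"capacity": {"storage": "1Gi"}, "accessModes": ["ReadWriteOnce"], "azureDisk": {"diskName": "d1", "diskURI": "constructed"}}},
 {"metadata": {"name": "pv-csi"}, "spec": {"capacity": {"storage": "1Gi"}, "csi": {"driver": "example.csi.driver", "volumeHandle": "v1"}}}]}""")

if __name__ == "__main__":
    print("Windows nodes below fix:", windows_nodes_below_fix(NODES))
    print("Non-CSI volumes:", non_csi_volumes(PVS))
```

Nodes on older release lines are flagged even if they carry a vendor backport, so treat a hit as a prompt to confirm the patch level rather than as proof of exposure.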


Anuj Mudaliar
Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.