ClickCease Kubernetes RCE Vulnerability Allows Remote Code Execution

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Kubernetes RCE Vulnerability Allows Remote Code Execution

by Wajahat Raja

March 25, 2024 - TuxCare expert team

Tomer Peled, an Akamai cybersecurity security researcher, recently discovered a Kubernetes RCE vulnerability that allows threat actors to remotely execute code on Windows endpoints. Not only this but the threat actors can have full system privileges while executing the code. 

Peled explained how the Kubernetes volumes can be exploited, which can result in a complete takeover of Windows nodes inside a Kubernetes cluster. This Kubernetes RCE vulnerability is tracked as CVE-2023-5528 and has a CVSS score of 7.2. The Kubernetes volumes feature supports data sharing between pods on a Kubernetes cluster, or it stores the data outside the lifecycle of a pod. 

In this article, we will discuss various aspects of the Kubernetes RCE vulnerability and its patching of this flaw.

 

How Does The Exploitation of Kubernetes RCE Vulnerability Work?


According to Peled, exploitation of this particular vulnerability is quite easy. In order to get the admin privileges, the creation of pods and persistent Kubernetes volumes on Windows nodes will be required by cybersecurity threat actors. The system privileges will be confined to the concerned nodes only.
YAML files are used by the Kubernetes framework. Only the use of an in-tree storage plugin for Windows can make Kubernetes clusters vulnerable. 

However, what assists the attackers to create different attack scenarios is volume types which result in different attack scenarios. The vulnerable versions of Kubernetes include all the default installations that are running on a version earlier than 1.28.4. Peled also said that the exploitation of the Kubernetes RCE vulnerability was likely to increase because of the fact that the flaw was present in the source code.


What Led To The Discovery of Kubernetes RCE Flaw?


Investigation of another vulnerability in Kubernetes helped in the discovery of CVE-2023-5528 flaw. Both of these
recent Kubernetes vulnerabilities had the same root cause behind them, that was, lack of user input sanitization and insecure function calls. 

The earlier vulnerability, termed CVE-2023-3676, could be taken advantage of by the application of a malicious YAML file onto the Kubernetes cluster. This discovery led to the uncovering of two other vulnerabilities, and towards the end of this investigation, CVE-2023-5528 was discovered.


Kubernetes Exploit Mitigation


Windows’ Command Prompt (cmd) has the ability to allow several commands in the same line. Therefore, controlling one parameter in the cmd execution can mean execution of the command injection vulnerability. The injection can be placed in the storage space that a user can ask for using a persistentVolumeClaim. The patch mitigates the chances of command injection by the deletion of the cmd call and its replacement with a native GO function. The GO function performs the same operation as the cmd call. 


Conclusion


The discovery of the latest
Kubernetes RCE vulnerability warrants that enterprises must always verify Kubernetes configuration YAMLs before deploying Kubernetes. This is because several code areas in Kubernetes lack user input sanitization making it vulnerable to exploitations. Cybersecurity concerns like Kubernetes remote code execution must always be taken seriously and addressed using robust cybersecurity measures

The sources for this piece include articles in Dark Reading and The Hacker News.

 

Summary
Kubernetes RCE Vulnerability Allows Remote Code Execution
Article Name
Kubernetes RCE Vulnerability Allows Remote Code Execution
Description
A Kubernetes RCE vulnerability allows remote execution of code by threat actors with system privileges. Learn more about this flaw here!
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Become a TuxCare Guest Writer

Mail

Help Us Understand
the Linux Landscape!

Complete our survey on the state of Open Source and you could win one of several prizes, with the top prize valued at $500!

Your expertise is needed to shape the future of Enterprise Linux!