March 14, 2024 at 08:51AM
A high-severity flaw in Kubernetes, CVE-2023-5528, allowed attackers to execute code with SYSTEM privileges on Windows endpoints. Exploiting a loophole involving local volumes, an attacker could inject commands to achieve remote code execution. The flaw impacted kubelet versions 1.8.0 and after and was patched in updates released on November 14, 2023.
Key takeaways:
– A high-severity flaw in Kubernetes (CVE-2023-5528, CVSS score: 7.2) has been disclosed, allowing remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. The vulnerability impacts all versions of kubelet from 1.8.0 onward and was patched in updates released on November 14, 2023.
– The vulnerability allows an attacker to exploit Kubernetes volumes and mount disk partitions in a pod using local volumes, creating a loophole for command injection and execution.
– The Kubernetes team addressed the issue by replacing the vulnerable function ‘MountSensitive()’ with a native Go function ‘os.Symlink()’ to prevent injection.
– A flaw in the end-of-life (EoL) Zhejiang Uniview ISC camera model 2500-S (CVE-2024-0778, CVSS score: 9.8) is also being exploited by threat actors to deploy a Mirai botnet variant called NetKiller. This botnet shares infrastructure overlaps with another botnet named Condi, the source code of which was publicly released on GitHub between August 17 and October 12, 2023.
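For the CVE-2023-5528 items above, one way a cluster operator could audit existing PersistentVolumes on clusters with Windows nodes. This is an added example, not code from the Kubernetes project or the original article. It assumes the input is the JSON printed by `kubectl get pv -o json`, that the injection point is the local volume path, and that the character set below (chosen conservatively here) is what should be flagged; `SuspiciousLocalPVs` and the sample data are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Characters with special meaning to a Windows command shell.
// Assumption: a conservative set picked for this example, not taken from the patch.
const cmdMeta = "&|<>^%\"\r\n"

// Only the fields needed from a PersistentVolumeList.
type pvList struct {
	Items []struct {
		Metadata struct{ Name string `json:"name"` } `json:"metadata"`
		Spec     struct {
			Local *struct{ Path string `json:"path"` } `json:"local"`
		} `json:"spec"`
	} `json:"items"`
}

// SuspiciousLocalPVs returns the names of local-volume PVs whose
// spec.local.path contains a shell metacharacter. Other volume types are ignored.
func SuspiciousLocalPVs(raw []byte) ([]string, error) {
	var l pvList
	if err := json.Unmarshal(raw, &l); err != nil {
		return nil, fmt.Errorf("parse PV list: %w", err)
	}
	var hits []string
	for _, pv := range l.Items {
		if pv.Spec.Local != nil && strings.ContainsAny(pv.Spec.Local.Path, cmdMeta) {
			hits = append(hits, pv.Metadata.Name)
		}
	}
	return hits, nil
}

// Constructed sample input, not real cluster data.
const samplePVs = `{"items":[
 {"metadata":{"name":"pv-ok"},"spec":{"local":{"path":"C:\\data\\vol1"}}},
 {"metadata":{"name":"pv-odd"},"spec":{"local":{"path":"C:\\data\\vol1 & example"}}},
 {"metadata":{"name":"pv-nfs"},"spec":{"nfs":{"path":"/exports/a&b"}}}
]}`

func main() {
	hits, err := SuspiciousLocalPVs([]byte(samplePVs))
	fmt.Println(hits, err)
}
```

A hit is a prompt to review who created the volume, not proof of exploitation; upgrading kubelet to a patched release remains the fix.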
Overall, these vulnerabilities pose serious security risks, emphasizing the importance of applying the necessary patches and updates to safeguard systems and infrastructure.