CVE-2023-5528: Critical Kubernetes Exploit Grants Attackers SYSTEM Privileges

Security experts have recently disclosed a high-severity vulnerability in Kubernetes that, under certain conditions, could allow an attacker to remotely execute code with elevated privileges.

“The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster,” explained Tomer Peled, a security researcher at Akamai.

Kubernetes vulnerability

Identified as CVE-2023-5528 and rated with a CVSS score of 7.2, the vulnerability affects all versions of kubelet starting from 1.8.0. The issue was rectified in updates released on November 14, 2023, for kubelet versions 1.28.4, 1.27.8, 1.26.11, and 1.25.16.

The Kubernetes developers noted in their advisory that the vulnerability pertains to clusters utilizing built-in storage plugins for Windows nodes, potentially leading to complete control over all Windows nodes in the cluster. This is attributed to the utilization of insecure function calls and the lack of sanitization of user input, specifically in the handling of local Kubernetes volumes.

Akamai elucidated that an attacker could employ a specially crafted path parameter in a YAML file to inject and execute commands using the command separator “&&”. In response to the vulnerability, the Kubernetes team substituted the command line call with a native Go function that performs the same operation without the possibility of injection.

It’s worth mentioning that Kubernetes frequently becomes a target for hackers, largely because vulnerabilities periodically emerge within it. For instance, at the end of January, we reported on the Sys:All vulnerability that allows control over a Kubernetes cluster using a Google account.

These incidents with vulnerabilities in Kubernetes underscore the importance of timely software updates to address security flaws. Developers can swiftly rectify identified vulnerabilities, but ultimately, the responsibility lies with system administrators who must promptly apply released updates to ensure the security of their systems.

Maintaining up-to-date and secure software is a pivotal aspect of cybersecurity, especially in the context of critical systems such as Kubernetes.