Analyse en attenteCVE-2022-37968

CVE-2022-37968: Privilege Escalation in Azure Arc Kubernetes

Plateforme

kubernetes

Composant

azure-arc-enabled-kubernetes-cluster-connect

Corrigé dans

2.2.2088.5593

Voir sur NVD

Sauvegarder

CVE-2022-37968 is a critical vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. An unauthenticated user can exploit this flaw to elevate their privileges, potentially gaining full administrative control over the Kubernetes cluster. This vulnerability impacts versions 1.0.0 through 2.2.2088.5593, and also affects Azure Stack Edge devices utilizing Azure Arc for Kubernetes deployments. Microsoft has released a fix in version 2.2.2088.5593.

Impact et Scénarios d'Attaquetraduction en cours…

The impact of CVE-2022-37968 is severe. Successful exploitation allows an attacker to bypass authentication and gain administrative privileges within the Kubernetes cluster. This could lead to complete compromise of the cluster, including the ability to deploy malicious workloads, steal sensitive data, and disrupt services. Given the integration of Azure Arc with Azure Stack Edge, attackers could potentially leverage this vulnerability to gain control over edge devices and the data they process. The potential for lateral movement within the Azure environment is also a significant concern, as a compromised Kubernetes cluster could be used as a springboard to attack other Azure resources.

Contexte d'Exploitationtraduction en cours…

CVE-2022-37968 is considered a high-risk vulnerability due to its critical CVSS score and the potential for complete cluster compromise. While no public exploits have been widely reported, the ease of exploitation (unauthenticated access) raises concerns about potential active exploitation. The vulnerability was published on October 11, 2022, and is tracked by CISA. The EPSS score is likely to be elevated, indicating a higher probability of exploitation.

Renseignement sur les Menaces

Statut de l'Exploit

Preuve de ConceptInconnu

CISA KEVNO

Exposition InternetÉlevée

EPSS

3.68% (percentile 88%)

Vecteur CVSS

Que signifient ces métriques?

Attack Vector: Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
Attack Complexity: Faible — aucune condition spéciale requise. Exploitable de manière fiable.
Privileges Required: Aucun — sans authentification. Aucune identifiant requis pour exploiter.
User Interaction: Aucune — attaque automatique et silencieuse. La victime ne fait rien.
Scope: Modifié — l'attaque peut pivoter au-delà du composant vulnérable.
Confidentiality: Élevé — perte totale de confidentialité. L'attaquant peut lire toutes les données.
Integrity: Élevé — l'attaquant peut écrire, modifier ou supprimer toutes les données.
Availability: Élevé — panne complète ou épuisement des ressources. Déni de service total.

Logiciel Affecté

Composantazure-arc-enabled-kubernetes-cluster-connect

FournisseurMicrosoft

Version minimale1.0.0

Version maximale2.2.2088.5593

Corrigé dans2.2.2088.5593

Chronologie

Réservé2022-08-08
Publiée2022-10-11
Modifiée2025-01-02
EPSS mis à jour2026-04-02

Mitigation et Contournementstraduction en cours…

The primary mitigation for CVE-2022-37968 is to upgrade Azure Arc-enabled Kubernetes clusters to version 2.2.2088.5593 or later. If immediate upgrade is not possible, consider implementing network segmentation to restrict access to the Kubernetes API server. Review and strengthen authentication and authorization policies within the cluster to limit the potential impact of a successful attack. Monitor Kubernetes audit logs for suspicious activity, particularly failed authentication attempts and privilege escalations. While a WAF cannot directly address this vulnerability, it can help mitigate the impact of related attacks by filtering malicious traffic.

Comment corrigertraduction en cours…

Actualice su clúster de Kubernetes habilitado para Azure Arc a la versión 1.8.11 o superior, o a la versión 1.5.8, 1.6.19, 1.7.18 o 2.2.2088.5593 según corresponda. Esto solucionará la vulnerabilidad de elevación de privilegios en la función de conexión del clúster.

Questions fréquentestraduction en cours…

What is CVE-2022-37968 — Privilege Escalation in Azure Arc Kubernetes?

CVE-2022-37968 is a critical vulnerability in Azure Arc-enabled Kubernetes clusters allowing unauthenticated users to gain administrative control. It affects versions 1.0.0–2.2.2088.5593 and Azure Stack Edge devices.

Am I affected by CVE-2022-37968 in Azure Arc Kubernetes?

If you are using Azure Arc-enabled Kubernetes clusters in versions 1.0.0 through 2.2.2088.5593, or if you utilize Azure Stack Edge with Kubernetes deployments via Azure Arc, you are potentially affected.

How do I fix CVE-2022-37968 in Azure Arc Kubernetes?

Upgrade your Azure Arc-enabled Kubernetes cluster to version 2.2.2088.5593 or later. Consider network segmentation and strengthened authentication policies as interim measures.

Is CVE-2022-37968 being actively exploited?

While no widespread public exploits have been reported, the ease of exploitation raises concerns about potential active campaigns. Continuous monitoring is recommended.

Where can I find the official Azure advisory for CVE-2022-37968?

Refer to the Microsoft Security Update Guide for CVE-2022-37968: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968

Ton projet est-il affecté ?

Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.

Scanner gratuitement Rechercher des CVE

en directfree scan

Essayez maintenant — sans compte

scanZone.subtitle

Scan manuelSlack/email alertsContinuous monitoringWhite-label reports

Glissez-déposez votre fichier de dépendances

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...

Parcourir les fichiers