無料スキャン
分析待ちCVE-2022-37968

CVE-2022-37968: Privilege Escalation in Azure Arc Kubernetes

プラットフォーム

kubernetes

コンポーネント

azure-arc-enabled-kubernetes-cluster-connect

修正版

2.2.2088.5593

NVDで見る
保存

CVE-2022-37968 is a critical vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. An unauthenticated user can exploit this flaw to elevate their privileges, potentially gaining full administrative control over the Kubernetes cluster. This vulnerability impacts versions 1.0.0 through 2.2.2088.5593, and also affects Azure Stack Edge devices utilizing Azure Arc for Kubernetes deployments. Microsoft has released a fix in version 2.2.2088.5593.

影響と攻撃シナリオ翻訳中…

The impact of CVE-2022-37968 is severe. Successful exploitation allows an attacker to bypass authentication and gain administrative privileges within the Kubernetes cluster. This could lead to complete compromise of the cluster, including the ability to deploy malicious workloads, steal sensitive data, and disrupt services. Given the integration of Azure Arc with Azure Stack Edge, attackers could potentially leverage this vulnerability to gain control over edge devices and the data they process. The potential for lateral movement within the Azure environment is also a significant concern, as a compromised Kubernetes cluster could be used as a springboard to attack other Azure resources.

悪用の状況翻訳中…

CVE-2022-37968 is considered a high-risk vulnerability due to its critical CVSS score and the potential for complete cluster compromise. While no public exploits have been widely reported, the ease of exploitation (unauthenticated access) raises concerns about potential active exploitation. The vulnerability was published on October 11, 2022, and is tracked by CISA. The EPSS score is likely to be elevated, indicating a higher probability of exploitation.

脅威インテリジェンス

エクスプロイト状況

概念実証不明
CISA KEVNO
インターネット露出

EPSS

3.68% (88% パーセンタイル)

CVSS ベクトル

脅威インテリジェンス· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C10.0CRITICALAttack VectorNetwork攻撃者がターゲットに到達する方法Attack ComplexityLow悪用に必要な条件Privileges RequiredNone攻撃に必要な認証レベルUser InteractionNone被害者の操作が必要かどうかScopeChanged影響コンポーネント外への波及ConfidentialityHigh機密データ漏洩のリスクIntegrityHigh不正データ改ざんのリスクAvailabilityHighサービス障害のリスクnextguardhq.com · CVSS v3.1 基本スコア
これらのメトリクスの意味は?
Attack Vector
ネットワーク — インターネット経由でリモートから悪用可能。物理・ローカルアクセス不要。
Attack Complexity
低 — 特別な条件不要。安定して悪用可能。
Privileges Required
なし — 認証不要。資格情報なしで悪用可能。
User Interaction
なし — 自動かつ無音の攻撃。被害者は何もしない。
Scope
変化あり — 攻撃が脆弱なコンポーネントを超えて他のシステムに波及可能。
Confidentiality
高 — 機密性の完全喪失。全データが読み取り可能。
Integrity
高 — 任意のデータの書き込み・変更・削除が可能。
Availability
高 — 完全なクラッシュまたはリソース枯渇。完全なサービス拒否。

影響を受けるソフトウェア

コンポーネントazure-arc-enabled-kubernetes-cluster-connect
ベンダーMicrosoft
最小バージョン1.0.0
最大バージョン2.2.2088.5593
修正版2.2.2088.5593

タイムライン

  1. 予約済み
  2. 公開日
  3. 更新日
  4. EPSS 更新日

緩和策と回避策翻訳中…

The primary mitigation for CVE-2022-37968 is to upgrade Azure Arc-enabled Kubernetes clusters to version 2.2.2088.5593 or later. If immediate upgrade is not possible, consider implementing network segmentation to restrict access to the Kubernetes API server. Review and strengthen authentication and authorization policies within the cluster to limit the potential impact of a successful attack. Monitor Kubernetes audit logs for suspicious activity, particularly failed authentication attempts and privilege escalations. While a WAF cannot directly address this vulnerability, it can help mitigate the impact of related attacks by filtering malicious traffic.

修正方法翻訳中…

Actualice su clúster de Kubernetes habilitado para Azure Arc a la versión 1.8.11 o superior, o a la versión 1.5.8, 1.6.19, 1.7.18 o 2.2.2088.5593 según corresponda. Esto solucionará la vulnerabilidad de elevación de privilegios en la función de conexión del clúster.

よくある質問翻訳中…

What is CVE-2022-37968 — Privilege Escalation in Azure Arc Kubernetes?

CVE-2022-37968 is a critical vulnerability in Azure Arc-enabled Kubernetes clusters allowing unauthenticated users to gain administrative control. It affects versions 1.0.0–2.2.2088.5593 and Azure Stack Edge devices.

Am I affected by CVE-2022-37968 in Azure Arc Kubernetes?

If you are using Azure Arc-enabled Kubernetes clusters in versions 1.0.0 through 2.2.2088.5593, or if you utilize Azure Stack Edge with Kubernetes deployments via Azure Arc, you are potentially affected.

How do I fix CVE-2022-37968 in Azure Arc Kubernetes?

Upgrade your Azure Arc-enabled Kubernetes cluster to version 2.2.2088.5593 or later. Consider network segmentation and strengthened authentication policies as interim measures.

Is CVE-2022-37968 being actively exploited?

While no widespread public exploits have been reported, the ease of exploitation raises concerns about potential active campaigns. Continuous monitoring is recommended.

Where can I find the official Azure advisory for CVE-2022-37968?

Refer to the Microsoft Security Update Guide for CVE-2022-37968: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968

あなたのプロジェクトは影響を受けていますか?

依存関係ファイルをアップロードすれば、このCVEや他のCVEがあなたに影響するか即座にわかります。

無料スキャンCVEを検索
scanZone.liveBadgescanZone.eyebrow

今すぐ試す — アカウント不要

Upload any manifest (composer.lock, package-lock.json, WordPress plugin list…) or paste your component list. You get a vulnerability report instantly. Uploading a file is just the start: with an account you get continuous monitoring, Slack/email alerts, multi-project and white-label reports.

手動スキャンSlack/メールアラートContinuous monitoringホワイトラベルレポート

依存関係ファイルをドラッグ&ドロップ

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...