Gratis scannen
Analyse in behandelingCVE-2022-37968

CVE-2022-37968: Privilege Escalation in Azure Arc Kubernetes

Platform

kubernetes

Component

azure-arc-enabled-kubernetes-cluster-connect

Opgelost in

2.2.2088.5593

Bekijk op NVD
Opslaan

CVE-2022-37968 is a critical vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. An unauthenticated user can exploit this flaw to elevate their privileges, potentially gaining full administrative control over the Kubernetes cluster. This vulnerability impacts versions 1.0.0 through 2.2.2088.5593, and also affects Azure Stack Edge devices utilizing Azure Arc for Kubernetes deployments. Microsoft has released a fix in version 2.2.2088.5593.

Impact en Aanvalsscenarioswordt vertaald…

The impact of CVE-2022-37968 is severe. Successful exploitation allows an attacker to bypass authentication and gain administrative privileges within the Kubernetes cluster. This could lead to complete compromise of the cluster, including the ability to deploy malicious workloads, steal sensitive data, and disrupt services. Given the integration of Azure Arc with Azure Stack Edge, attackers could potentially leverage this vulnerability to gain control over edge devices and the data they process. The potential for lateral movement within the Azure environment is also a significant concern, as a compromised Kubernetes cluster could be used as a springboard to attack other Azure resources.

Uitbuitingscontextwordt vertaald…

CVE-2022-37968 is considered a high-risk vulnerability due to its critical CVSS score and the potential for complete cluster compromise. While no public exploits have been widely reported, the ease of exploitation (unauthenticated access) raises concerns about potential active exploitation. The vulnerability was published on October 11, 2022, and is tracked by CISA. The EPSS score is likely to be elevated, indicating a higher probability of exploitation.

Dreigingsinformatie

Exploit Status

Proof of ConceptOnbekend
CISA KEVNO
InternetblootstellingHoog

EPSS

3.68% (88% percentiel)

CVSS-vector

DREIGINGSINFORMATIE· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C10.0CRITICALAttack VectorNetworkHoe de aanvaller het doel bereiktAttack ComplexityLowVereiste omstandigheden om te exploiterenPrivileges RequiredNoneVereist authenticatieniveau voor aanvalUser InteractionNoneOf het slachtoffer actie moet ondernemenScopeChangedImpact buiten het getroffen onderdeelConfidentialityHighRisico op blootstelling van gevoelige dataIntegrityHighRisico op ongeautoriseerde gegevenswijzigingAvailabilityHighRisico op verstoring van dienstennextguardhq.com · CVSS v3.1 Basisscore
Wat betekenen deze metrics?
Attack Vector
Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
Attack Complexity
Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
Privileges Required
Geen — geen authenticatie vereist om te exploiteren.
User Interaction
Geen — automatische en stille aanval. Slachtoffer doet niets.
Scope
Gewijzigd — aanval kan voorbij het kwetsbare component uitbreiden naar andere systemen.
Confidentiality
Hoog — volledig verlies van vertrouwelijkheid. Aanvaller kan alle gegevens lezen.
Integrity
Hoog — aanvaller kan alle gegevens schrijven, aanpassen of verwijderen.
Availability
Hoog — volledige crash of uitputting van resources. Totale denial of service.

Getroffen Software

Componentazure-arc-enabled-kubernetes-cluster-connect
LeverancierMicrosoft
Minimumversie1.0.0
Maximumversie2.2.2088.5593
Opgelost in2.2.2088.5593

Tijdlijn

  1. Gereserveerd
  2. Gepubliceerd
  3. Gewijzigd
  4. EPSS bijgewerkt

Mitigatie en Workaroundswordt vertaald…

The primary mitigation for CVE-2022-37968 is to upgrade Azure Arc-enabled Kubernetes clusters to version 2.2.2088.5593 or later. If immediate upgrade is not possible, consider implementing network segmentation to restrict access to the Kubernetes API server. Review and strengthen authentication and authorization policies within the cluster to limit the potential impact of a successful attack. Monitor Kubernetes audit logs for suspicious activity, particularly failed authentication attempts and privilege escalations. While a WAF cannot directly address this vulnerability, it can help mitigate the impact of related attacks by filtering malicious traffic.

Hoe te verhelpenwordt vertaald…

Actualice su clúster de Kubernetes habilitado para Azure Arc a la versión 1.8.11 o superior, o a la versión 1.5.8, 1.6.19, 1.7.18 o 2.2.2088.5593 según corresponda. Esto solucionará la vulnerabilidad de elevación de privilegios en la función de conexión del clúster.

Veelgestelde vragenwordt vertaald…

What is CVE-2022-37968 — Privilege Escalation in Azure Arc Kubernetes?

CVE-2022-37968 is a critical vulnerability in Azure Arc-enabled Kubernetes clusters allowing unauthenticated users to gain administrative control. It affects versions 1.0.0–2.2.2088.5593 and Azure Stack Edge devices.

Am I affected by CVE-2022-37968 in Azure Arc Kubernetes?

If you are using Azure Arc-enabled Kubernetes clusters in versions 1.0.0 through 2.2.2088.5593, or if you utilize Azure Stack Edge with Kubernetes deployments via Azure Arc, you are potentially affected.

How do I fix CVE-2022-37968 in Azure Arc Kubernetes?

Upgrade your Azure Arc-enabled Kubernetes cluster to version 2.2.2088.5593 or later. Consider network segmentation and strengthened authentication policies as interim measures.

Is CVE-2022-37968 being actively exploited?

While no widespread public exploits have been reported, the ease of exploitation raises concerns about potential active campaigns. Continuous monitoring is recommended.

Where can I find the official Azure advisory for CVE-2022-37968?

Refer to the Microsoft Security Update Guide for CVE-2022-37968: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968

Is jouw project getroffen?

Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.

Gratis scannenCVEs zoeken
livefree scan

Probeer het nu — geen account

Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.

Manual scanSlack/email alertsscanZone.capMonitorWhite-label reports

Sleep uw afhankelijkheidsbestand hierheen

composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...