Esta página ainda não foi traduzida para o seu idioma. Exibindo conteúdo em inglês enquanto trabalhamos nisso.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2022-37968: Privilege Escalation in Azure Arc Kubernetes
Plataforma
kubernetes
Componente
azure-arc-enabled-kubernetes-cluster-connect
Corrigido em
2.2.2088.5593
CVE-2022-37968 is a critical vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. An unauthenticated user can exploit this flaw to elevate their privileges, potentially gaining full administrative control over the Kubernetes cluster. This vulnerability impacts versions 1.0.0 through 2.2.2088.5593, and also affects Azure Stack Edge devices utilizing Azure Arc for Kubernetes deployments. Microsoft has released a fix in version 2.2.2088.5593.
Impacto e Cenários de Ataquetraduzindo…
The impact of CVE-2022-37968 is severe. Successful exploitation allows an attacker to bypass authentication and gain administrative privileges within the Kubernetes cluster. This could lead to complete compromise of the cluster, including the ability to deploy malicious workloads, steal sensitive data, and disrupt services. Given the integration of Azure Arc with Azure Stack Edge, attackers could potentially leverage this vulnerability to gain control over edge devices and the data they process. The potential for lateral movement within the Azure environment is also a significant concern, as a compromised Kubernetes cluster could be used as a springboard to attack other Azure resources.
Contexto de Exploraçãotraduzindo…
CVE-2022-37968 is considered a high-risk vulnerability due to its critical CVSS score and the potential for complete cluster compromise. While no public exploits have been widely reported, the ease of exploitation (unauthenticated access) raises concerns about potential active exploitation. The vulnerability was published on October 11, 2022, and is tracked by CISA. The EPSS score is likely to be elevated, indicating a higher probability of exploitation.
Inteligência de Ameaças
Status do Exploit
EPSS
3.68% (percentil 88%)
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Nenhum — sem autenticação necessária para explorar.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Alterado — o ataque pode pivotar para além do componente vulnerável.
- Confidentiality
- Alto — perda total de confidencialidade. O atacante pode ler todos os dados.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Alto — falha completa ou esgotamento de recursos. Negação de serviço total.
Software Afetado
Linha do tempo
- Reservado
- Publicada
- Modificada
- EPSS atualizado
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2022-37968 is to upgrade Azure Arc-enabled Kubernetes clusters to version 2.2.2088.5593 or later. If immediate upgrade is not possible, consider implementing network segmentation to restrict access to the Kubernetes API server. Review and strengthen authentication and authorization policies within the cluster to limit the potential impact of a successful attack. Monitor Kubernetes audit logs for suspicious activity, particularly failed authentication attempts and privilege escalations. While a WAF cannot directly address this vulnerability, it can help mitigate the impact of related attacks by filtering malicious traffic.
Como corrigirtraduzindo…
Actualice su clúster de Kubernetes habilitado para Azure Arc a la versión 1.8.11 o superior, o a la versión 1.5.8, 1.6.19, 1.7.18 o 2.2.2088.5593 según corresponda. Esto solucionará la vulnerabilidad de elevación de privilegios en la función de conexión del clúster.
Perguntas frequentestraduzindo…
What is CVE-2022-37968 — Privilege Escalation in Azure Arc Kubernetes?
CVE-2022-37968 is a critical vulnerability in Azure Arc-enabled Kubernetes clusters allowing unauthenticated users to gain administrative control. It affects versions 1.0.0–2.2.2088.5593 and Azure Stack Edge devices.
Am I affected by CVE-2022-37968 in Azure Arc Kubernetes?
If you are using Azure Arc-enabled Kubernetes clusters in versions 1.0.0 through 2.2.2088.5593, or if you utilize Azure Stack Edge with Kubernetes deployments via Azure Arc, you are potentially affected.
How do I fix CVE-2022-37968 in Azure Arc Kubernetes?
Upgrade your Azure Arc-enabled Kubernetes cluster to version 2.2.2088.5593 or later. Consider network segmentation and strengthened authentication policies as interim measures.
Is CVE-2022-37968 being actively exploited?
While no widespread public exploits have been reported, the ease of exploitation raises concerns about potential active campaigns. Continuous monitoring is recommended.
Where can I find the official Azure advisory for CVE-2022-37968?
Refer to the Microsoft Security Update Guide for CVE-2022-37968: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Experimente agora — sem conta
Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.
Arraste e solte seu arquivo de dependências
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...