免费扫描
分析待定CVE-2022-37968

CVE-2022-37968: Privilege Escalation in Azure Arc Kubernetes

平台

kubernetes

组件

azure-arc-enabled-kubernetes-cluster-connect

修复版本

2.2.2088.5593

在NVD查看
保存

CVE-2022-37968 is a critical vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. An unauthenticated user can exploit this flaw to elevate their privileges, potentially gaining full administrative control over the Kubernetes cluster. This vulnerability impacts versions 1.0.0 through 2.2.2088.5593, and also affects Azure Stack Edge devices utilizing Azure Arc for Kubernetes deployments. Microsoft has released a fix in version 2.2.2088.5593.

影响与攻击场景翻译中…

The impact of CVE-2022-37968 is severe. Successful exploitation allows an attacker to bypass authentication and gain administrative privileges within the Kubernetes cluster. This could lead to complete compromise of the cluster, including the ability to deploy malicious workloads, steal sensitive data, and disrupt services. Given the integration of Azure Arc with Azure Stack Edge, attackers could potentially leverage this vulnerability to gain control over edge devices and the data they process. The potential for lateral movement within the Azure environment is also a significant concern, as a compromised Kubernetes cluster could be used as a springboard to attack other Azure resources.

利用背景翻译中…

CVE-2022-37968 is considered a high-risk vulnerability due to its critical CVSS score and the potential for complete cluster compromise. While no public exploits have been widely reported, the ease of exploitation (unauthenticated access) raises concerns about potential active exploitation. The vulnerability was published on October 11, 2022, and is tracked by CISA. The EPSS score is likely to be elevated, indicating a higher probability of exploitation.

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

EPSS

3.68% (88% 百分位)

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C10.0CRITICALAttack VectorNetwork攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredNone攻击所需的认证级别User InteractionNone是否需要受害者采取行动ScopeChanged超出受影响组件的影响范围ConfidentialityHigh敏感数据泄露风险IntegrityHigh数据未授权篡改风险AvailabilityHigh服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
无 — 无需认证,无需凭证即可利用。
User Interaction
无 — 攻击自动且无声,受害者无需任何操作。
Scope
已改变 — 攻击可以超出脆弱组件,影响其他系统。
Confidentiality
高 — 完全丧失机密性,攻击者可读取所有数据。
Integrity
高 — 攻击者可写入、修改或删除任何数据。
Availability
高 — 完全崩溃或资源耗尽,完全拒绝服务。

受影响的软件

组件azure-arc-enabled-kubernetes-cluster-connect
供应商Microsoft
最低版本1.0.0
最高版本2.2.2088.5593
修复版本2.2.2088.5593

时间线

  1. 已保留
  2. 发布日期
  3. 修改日期
  4. EPSS 更新日期

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2022-37968 is to upgrade Azure Arc-enabled Kubernetes clusters to version 2.2.2088.5593 or later. If immediate upgrade is not possible, consider implementing network segmentation to restrict access to the Kubernetes API server. Review and strengthen authentication and authorization policies within the cluster to limit the potential impact of a successful attack. Monitor Kubernetes audit logs for suspicious activity, particularly failed authentication attempts and privilege escalations. While a WAF cannot directly address this vulnerability, it can help mitigate the impact of related attacks by filtering malicious traffic.

修复方法翻译中…

Actualice su clúster de Kubernetes habilitado para Azure Arc a la versión 1.8.11 o superior, o a la versión 1.5.8, 1.6.19, 1.7.18 o 2.2.2088.5593 según corresponda. Esto solucionará la vulnerabilidad de elevación de privilegios en la función de conexión del clúster.

常见问题翻译中…

What is CVE-2022-37968 — Privilege Escalation in Azure Arc Kubernetes?

CVE-2022-37968 is a critical vulnerability in Azure Arc-enabled Kubernetes clusters allowing unauthenticated users to gain administrative control. It affects versions 1.0.0–2.2.2088.5593 and Azure Stack Edge devices.

Am I affected by CVE-2022-37968 in Azure Arc Kubernetes?

If you are using Azure Arc-enabled Kubernetes clusters in versions 1.0.0 through 2.2.2088.5593, or if you utilize Azure Stack Edge with Kubernetes deployments via Azure Arc, you are potentially affected.

How do I fix CVE-2022-37968 in Azure Arc Kubernetes?

Upgrade your Azure Arc-enabled Kubernetes cluster to version 2.2.2088.5593 or later. Consider network segmentation and strengthened authentication policies as interim measures.

Is CVE-2022-37968 being actively exploited?

While no widespread public exploits have been reported, the ease of exploitation raises concerns about potential active campaigns. Continuous monitoring is recommended.

Where can I find the official Azure advisory for CVE-2022-37968?

Refer to the Microsoft Security Update Guide for CVE-2022-37968: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE
live免费扫描

立即试用 — 无需账户

上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。

手动扫描Slack/邮件提醒持续监控白标报告

拖放您的依赖文件

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...