{"uuid": "6dd4c8a0-c80c-4138-be93-2f19d9a0cb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5084", "content": "After reading the post, I went looking for what percentage of AKS nodes run on Windows, but found nothing.\n\nNevertheless, I did find reports that there are people who run managed Kubernetes on Windows in AKS. I don't understand why this is needed, but presumably it is needed for something \n\nExecutive summary\n\n- Akamai security researcher Tomer Peled recently discovered a vulnerability in Kubernetes that was assigned CVE-2024-9042.\n\n- The vulnerability allows remote code execution (RCE) with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. 
To exploit this vulnerability, the cluster must be configured to run the new logging mechanism \u201cLog Query.\u201d\n\n- The vulnerability can be triggered with a simple GET request to the remote node.\n\n- Successful exploitation of this vulnerability can lead to full takeover on all Windows nodes in a cluster.\n\n- This vulnerability can be exploited on default installations of Kubernetes that opted-in to use beta features (earlier than version 1.32.1), and was tested against both on-prem deployments and Azure Kubernetes Service.\n\n- In this blog post, we provide a proof-of-concept curl command and discuss possible mitigations.\nExploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query\nhttps://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows", "creation_timestamp": "2025-03-08T14:33:30.000000Z"}