{"vulnerability": "CVE-2024-9042", "sightings": [{"uuid": "74455f85-75ac-4d0d-971d-9c6f64df97ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/bizanosa.bsky.social/post/3lfu67xwcfq2u", "content": "", "creation_timestamp": "2025-01-16T11:25:08.828051Z"}, {"uuid": "d359a64e-985c-4922-97c7-e4dad1ca08bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lftcbec3qa24", "content": "", "creation_timestamp": "2025-01-16T03:04:51.611394Z"}, {"uuid": "046d3130-6f93-425b-ba95-23a3dd2527d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/tmjintel.bsky.social/post/3lfubjc7iss27", "content": "", "creation_timestamp": "2025-01-16T12:24:03.336604Z"}, {"uuid": "e490742e-c7a7-4e8b-b944-79453af5eb21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lft3bma4gs2t", "content": "", "creation_timestamp": "2025-01-16T00:59:42.267853Z"}, {"uuid": "35a4bc96-6604-423f-8432-858978218a87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfwnl56jpq23", "content": "", "creation_timestamp": "2025-01-17T11:05:09.210833Z"}, {"uuid": "b58340c9-9939-456b-91e5-682a23e34450", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/amberwolfsec.bsky.social/post/3lfx4zntmgs2r", "content": "", "creation_timestamp": "2025-01-17T15:41:42.340418Z"}, {"uuid": "81fb435c-ae8e-47d1-bc48-2342ff0c4f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/amberwolfsec.bsky.social/post/3lfx4zntscc2r", "content": "", "creation_timestamp": "2025-01-17T15:41:42.825764Z"}, {"uuid": "121879c4-5690-45e5-9513-49660438390f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/smarticu5.bsky.social/post/3lfx5flesrk26", "content": "", "creation_timestamp": "2025-01-17T15:48:22.604812Z"}, {"uuid": "b9970346-16ea-413e-a25d-ccece02a564c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3lfxqzjijn624", "content": "", "creation_timestamp": "2025-01-17T21:39:32.254948Z"}, {"uuid": "f0080fb6-794f-4d34-bbb7-e40639b9a0d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/chrisshort.net/post/3lg6cydwexk2r", "content": "", "creation_timestamp": "2025-01-20T12:16:58.418553Z"}, {"uuid": "7c87954e-3b64-4d20-bfce-d6ac188466f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://hachyderm.io/users/ChrisShort/statuses/113860635528036105", "content": "", "creation_timestamp": "2025-01-20T12:17:00.762691Z"}, {"uuid": "bf2989de-5093-49d0-b2dd-414efa7c7054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/chrisshort.net/post/3lg6om466sz2m", "content": "", "creation_timestamp": "2025-01-20T15:44:52.736518Z"}, {"uuid": "63062231-e06c-4382-9301-f99fe463c7e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://hachyderm.io/users/ChrisShort/statuses/113861452930505800", "content": "", "creation_timestamp": "2025-01-20T15:44:53.281406Z"}, {"uuid": "915063a0-4167-4e02-a776-e6eb4a5d73dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/cloudnativeboy.bsky.social/post/3lg6q72ulsk2y", "content": "", "creation_timestamp": "2025-01-20T16:13:23.819208Z"}, {"uuid": "476fb023-41f6-4a02-9494-3873927622bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113889706549312589", "content": "", "creation_timestamp": "2025-01-25T15:30:09.312036Z"}, {"uuid": "fe60c586-e458-4c79-a617-bf7d62b85745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113884056434315774", "content": "", "creation_timestamp": "2025-01-24T15:33:15.747705Z"}, {"uuid": "fc3d23e8-4392-44a2-b6fd-ae3c1f08808e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3llan5l2mul2w", "content": "", "creation_timestamp": "2025-03-26T01:30:09.655917Z"}, {"uuid": "b2b5ba0e-4b41-4a31-84a5-31901bb19270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/sansisc.bsky.social/post/3m7nenmnqy52v", "content": "", "creation_timestamp": "2025-12-10T15:26:33.051083Z"}, {"uuid": "6fdc55e2-a7c7-4503-b43f-19a0724246c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/undercodenews.bsky.social/post/3m7njsxhzhz2g", "content": "", "creation_timestamp": "2025-12-10T16:59:01.214248Z"}, {"uuid": "7a929fad-6654-47be-8afb-a55f25a78b33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11698", "content": "#exploit \n1. CVE-2024-9042:\nCommand Injection in Windows Kubernetes Nodes\nhttps://blog.amberwolf.com/blog/2025/january/reproducing-cve-2024-9042---command-injection-in-windows-kubernetes-nodes\n\n2. CVE-2024-38041:\nExploiting MS Kernel Applocker Driver\nhttps://csacyber.com/blog/exploiting-microsoft-kernel-applocker-driver-cve-2024-38041", "creation_timestamp": "2025-01-19T02:36:04.000000Z"}, {"uuid": "6dd4c8a0-c80c-4138-be93-2f19d9a0cb3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/5084", "content": "\u042f \u043f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0447\u0442\u0435\u043d\u0438\u044f \u043f\u043e\u0441\u0442\u0430 \u043f\u043e\u0448\u0451\u043b \u0438\u0441\u043a\u0430\u0442\u044c \u043a\u0430\u043a\u043e\u0439 \u0436\u0435 \u043f\u0440\u043e\u0446\u0435\u043d\u0442 \u043d\u043e\u0434 AKS \u0436\u0438\u0432\u0451\u0442 \u043f\u043e\u0434 Windows, \u043d\u043e \u043d\u0438\u0447\u0435\u0433\u043e \u043d\u0435 \u043d\u0430\u0448\u0451\u043b.\n\n\u041d\u043e \u0442\u0435\u043c \u043d\u0435 \u043c\u0435\u043d\u0435\u0435 \u043d\u0430\u0448\u0451\u043b \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f, \u0447\u0442\u043e \u0435\u0441\u0442\u044c \u0442\u0435 \u043a\u0442\u043e managed Kubernetes \u0434\u0435\u0440\u0436\u0438\u0442 \u043d\u0430 Windows \u0432 AKS. \u0417\u0430\u0447\u0435\u043c \u044d\u0442\u043e \u043d\u0443\u0436\u043d\u043e \u044f \u043d\u0435 \u043f\u043e\u043d\u0438\u043c\u0430\u044e, \u043d\u043e \u043d\u0430\u0432\u0435\u0440\u043d\u043e\u0435 \u0437\u0430\u0447\u0435\u043c-\u0442\u043e \u043d\u0443\u0436\u043d\u043e \n\nExecutive summary\n\n- Akamai security researcher Tomer Peled recently discovered a vulnerability in Kubernetes that was assigned CVE-2024-9042.\n\n- The vulnerability allows remote code execution (RCE) with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the cluster must be configured to run the new logging mechanism \u201cLog Query.\u201d\n\n- The vulnerability can be triggered with a simple GET request to the remote node.\n\n- Successful exploitation of this vulnerability can lead to full takeover on all Windows nodes in a cluster.\n\n- This vulnerability can be exploited on default installations of Kubernetes that opted-in to use beta features (earlier than version 1.32.1), and was tested against both on-prem deployments and Azure Kubernetes Service.\n\n- In this blog post, we provide a proof-of-concept curl command and discuss possible mitigations.\nExploit Me, Baby, One More Time: Command Injection in Kubernetes Log Query\nhttps://www.akamai.com/blog/security-research/2024-january-kubernetes-log-query-rce-windows", "creation_timestamp": "2025-03-08T14:33:30.000000Z"}, {"uuid": "1b485a86-b475-4413-817a-5b0c172bb57f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/sansisc.bsky.social/post/3m7oqznyptj2t", "content": "", "creation_timestamp": "2025-12-11T04:40:41.706115Z"}, {"uuid": "07181044-4fe3-4c68-ada9-38f1248f8e38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3m7plyf2raon2", "content": "", "creation_timestamp": "2025-12-11T12:43:22.447580Z"}, {"uuid": "a016f79a-6ee1-4e06-900d-a384933b6800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-9042", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7486", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-9042\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.\n\ud83d\udccf Published: 2025-03-13T16:40:13.895Z\n\ud83d\udccf Modified: 2025-03-13T19:24:39.825Z\n\ud83d\udd17 References:\n1. https://github.com/kubernetes/kubernetes/issues/129654\n2. https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg", "creation_timestamp": "2025-03-13T19:42:51.000000Z"}]}