CVE-2023-29332
published 2023-09-12

CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Priority: P355 | Severity: critical | Score: 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.83% (84.9th percentile)

Affected

2 ranges

Vendor    | Product                  | Version range            | Fixed in
microsoft | azure_kubernetes_service | >= 1.0 < VHD 202308      | VHD 202308
msrc      | azure_kubernetes_service |                          |

Detection & IOCs (extracted from sources)

  • Identify susceptible AKS agent pools via the Azure Portal: navigate to cluster Overview > Diagnose and Solve Problems > Identity and Security > TLS Bootstrap Token CVE
  • AKS resources running Ubuntu OS are vulnerable if their node image version is below 202308.01; flag any node image older than this version.
  • AKS resources running Windows OS are vulnerable if their node image version is below 20348.1906; flag any node image older than this version.
  • The attack requires no prior knowledge of the cluster and is remotely exploitable from the internet with repeatable success; monitor for anomalous unauthenticated or low-privilege network requests to AKS API endpoints.
  • Agent pools created or upgraded within the last 48 hours are protected; use this as a triage filter when assessing exposure across AKS clusters.
  • Successful exploitation grants Cluster Administrator privileges, representing full cluster compromise; treat any unexplained cluster-admin role binding as a potential post-exploitation indicator.
  • The vulnerability is specific to the TLS Bootstrap Token mechanism in AKS; integrity and availability are not impacted — only confidentiality (token disclosure) is affected.
  • As of advisory publication, the vulnerability has not been publicly disclosed or actively exploited in the wild, reducing immediate urgency but not eliminating risk.

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor (MSRC): 7.5 HIGH