CVE-2023-29332
Published 2023-09-12
CVE-2023-29332: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Priority P3 · 55 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.83% (84.9th percentile)
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_kubernetes_service | >= 1.0 < VHD 202308 | VHD 202308 |
| msrc | azure_kubernetes_service | — | — |
Detection & IOCs (extracted from sources)
- Identify susceptible AKS agent pools via the Azure Portal: navigate to cluster Overview > Diagnose and Solve Problems > Identity and Security > TLS Bootstrap Token CVE
- AKS resources running Ubuntu OS are vulnerable if their node image version is below 202308.01; flag any node image older than this version.
- AKS resources running Windows OS are vulnerable if their node image version is below 20348.1906; flag any node image older than this version.
- The attack requires no prior knowledge of the cluster and is remotely exploitable from the internet with repeatable success; monitor for anomalous unauthenticated or low-privilege network requests to AKS API endpoints.
- Agent pools created or upgraded within the last 48 hours are protected; use this as a triage filter when assessing exposure across AKS clusters.
- Successful exploitation grants Cluster Administrator privileges, representing full cluster compromise; treat any unexplained cluster-admin role binding as a potential post-exploitation indicator.
- The vulnerability is specific to the TLS Bootstrap Token mechanism in AKS; integrity and availability are not impacted — only confidentiality (token disclosure) is affected.
- As of advisory publication, the vulnerability has not been publicly disclosed or actively exploited in the wild, reducing immediate urgency but not eliminating risk.
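As an added example (not code from any of the sources above), a small Python triage script that applies the node image thresholds and the 48-hour filter quoted in the detection notes to a constructed list of agent pools. The node image name shapes and the lastUpgradedAt field are assumptions, not fields documented on this page.

```python
"""Triage AKS agent pools for CVE-2023-29332 using the advisory thresholds."""
import re
from datetime import datetime, timedelta, timezone

# Fixed node image versions quoted in the advisory excerpts above.
UBUNTU_FIXED = (202308, 1)     # Ubuntu node image 202308.01
WINDOWS_FIXED = (20348, 1906)  # Windows node image 20348.1906 (build 20348)

# Constructed sample, shaped like `az aks nodepool list` output; the
# lastUpgradedAt field is an assumption added for the 48-hour filter.
NOW = datetime(2023, 9, 12, 12, 0, tzinfo=timezone.utc)
SAMPLE_POOLS = [
    {"name": "nodepool1", "nodeImageVersion": "AKSUbuntu-2204gen2containerd-202307.27.0",
     "lastUpgradedAt": "2023-08-20T10:00:00+00:00"},
    {"name": "nodepool2", "nodeImageVersion": "AKSUbuntu-2204gen2containerd-202308.01.0",
     "lastUpgradedAt": "2023-09-01T10:00:00+00:00"},
    {"name": "winpool", "nodeImageVersion": "AKSWindows-2022-20348.1850.230719",
     "lastUpgradedAt": "2023-09-11T12:00:00+00:00"},
    {"name": "win2019", "nodeImageVersion": "AKSWindows-2019-17763.4737.230809",
     "lastUpgradedAt": "2023-08-15T10:00:00+00:00"},
]

def parse_image_version(image):
    # Assumes 'AKSUbuntu-<sku>-YYYYMM.DD.N' / 'AKSWindows-<rel>-<build>.<rev>.<date>'
    # name shapes (an assumption); returns (os, (major, minor)).
    m = re.match(r"AKS(Ubuntu|Windows)-.*?(\d+)\.(\d+)", image)
    if not m:
        raise ValueError(f"unrecognised node image version: {image}")
    os_name, major, minor = m.groups()
    return os_name, (int(major), int(minor))

def assess_pool(pool, now):
    """Classify a pool as patched, protected, vulnerable or unknown."""
    os_name, version = parse_image_version(pool["nodeImageVersion"])
    if os_name == "Ubuntu":
        fixed = version >= UBUNTU_FIXED
    elif version[0] == WINDOWS_FIXED[0]:
        fixed = version >= WINDOWS_FIXED
    else:
        return "unknown"  # advisory quotes a threshold for build 20348 only
    if fixed:
        return "patched"
    # Pools created/upgraded within 48 hours are treated as protected (triage only).
    upgraded = datetime.fromisoformat(pool["lastUpgradedAt"])
    return "protected" if now - upgraded < timedelta(hours=48) else "vulnerable"

def triage(pools, now=NOW):
    """Map pool name to status; vulnerable pools need a node image upgrade."""
    return {p["name"]: assess_pool(p, now) for p in pools}
```

Run `triage(SAMPLE_POOLS)` to see one pool in each state; "protected" is only a triage hint, and such pools still need the node image upgrade the vendor guidance below describes.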
CVSS provenance
NVD v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc: 7.5 HIGH
Microsoft
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
vendor_msrc·2023-09-12·CVSS 7.5
CVE-2023-29332 [HIGH] CWE-330 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain Cluster Administrator privileges.
FAQ: How do I protect my resources against this vulnerability?
Customers must update or upgrade their Azure Kubernetes Service resource deployments using the following guidance:
- Upgrade your AKS node image to receive the fix without altering your Kubernetes version.
- Upgrade your AKS cluster to a newer version, which will also bring your node image to the latest version.
FAQ: What additional actions can customers take to help ensure their resources are secure?
We highly encourage customers to enable automatic node im
GHSA
GHSA-j9pr-jq8h-jrmm: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
ghsa_unreviewed·2023-09-12
CVE-2023-29332 [CRITICAL] CWE-20 GHSA-j9pr-jq8h-jrmm: Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
blogs_qualys·2023-09-12
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
## Table of Contents
- Microsoft Patch Tuesday for September 2023
- Adobe Patches for September 2023
- Zero-day Vulnerability Patched in September Patch Tuesday Edition
- Other Critical Severity Vulnerabilities Patched in September Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- EXECUTE Mitigation Using Qualys Custom Assessment and Remediation (CAR)
- Qualys Monthly Webinar Series
Microsoft has released the Patch Tuesday edition for September. This month’s updates have addressed 66 security vulnerabilities (including Edge Chromium-based) in multip
Bleepingcomputer
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
blogs_bleepingcomputer·2023-09-12·CVSS 6.5
[MEDIUM] Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
## Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
By Lawrence Abrams
- 3 Security Feature Bypass Vulnerabilities
- 24 Remote Code Execution Vulnerabilities
- 9 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 5 Spoofing Vulnerabilities
- 5 Edge - Chromium Vulnerabilities
The total count of 59 flaws does not include five Microsoft Edge (Chromium) vulnerabilities and two non-Microsoft flaws in Electron and Autodesk.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5030219 cumulative update and Windows 10 KB5030211 updates released.
## Two actively exploited zero-day vulnerabilities
This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks
Crowdstrike
September 2023 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] September 2023 Patch Tuesday: Updates and Analysis