CVE-2024-5651
Published 2024-08-12
Priority P2 · 61 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.37% (68.5th percentile)
A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | fence-agents | — | — |
Detection & IOCs (extracted from sources)
- Detect creation of FenceAgentsRemediation resources containing --ssh-path or --telnet-path arguments with unexpected/arbitrary command values, which is the injection vector for RCE on the operator pod.
- Monitor the Fence Agents Remediation operator pod for unexpected process execution or shell spawning, as successful exploitation results in arbitrary command execution within the operator's pod.
- Alert on low-privilege or developer-role users (non-admin) creating or modifying FenceAgentsRemediation or FenceAgentsRemediationTemplate Kubernetes resources, as exploitation requires only developer-level access.
- The vulnerability is specific to the Fence Agents Remediation operator and does NOT affect the fence-agents package itself; scope detection efforts accordingly.
- Only fence agents that support the --ssh-path or --telnet-path arguments are exploitable; not all fence agents are affected.
- Mitigation is to restrict RBAC so unprivileged users cannot create FenceAgentsRemediation and FenceAgentsRemediationTemplate resources.
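The first and third detection items above can be run over Kubernetes API audit logs. The following is an added example, not code from the operator or from any of the advisories: the plural resource names, the `TRUSTED_USERS` allowlist and the `spec.parameters` layout of the constructed sample events are assumptions, and the scan itself walks the whole request body so it does not depend on that layout.

```python
import json

# Assumed plural resource names for the two kinds named above.
WATCHED = {"fenceagentsremediations", "fenceagentsremediationtemplates"}
RISKY_ARGS = ("--ssh-path", "--telnet-path")
WRITE_VERBS = {"create", "update", "patch"}
TRUSTED_USERS = {"system:admin"}  # hypothetical allowlist of expected writers

def strings_in(obj):
    """Yield every key and string value in a nested JSON structure."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield str(key)
            yield from strings_in(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from strings_in(item)
    elif isinstance(obj, str):
        yield obj

def findings(audit_lines):
    """Return (user, resource, name, reasons) for each suspicious write."""
    out = []
    for line in audit_lines:
        ev = json.loads(line)
        ref = ev.get("objectRef") or {}
        if ref.get("resource") not in WATCHED or ev.get("verb") not in WRITE_VERBS:
            continue
        user = (ev.get("user") or {}).get("username", "")
        reasons = [] if user in TRUSTED_USERS else ["untrusted-writer"]
        body = ev.get("requestObject") or {}  # logged only at level Request or higher
        reasons += sorted({a for s in strings_in(body) for a in RISKY_ARGS if a in s})
        if reasons:
            out.append((user, ref["resource"], ref.get("name", ""), reasons))
    return out

def event(user, verb, resource, name, params):  # builds one constructed audit event
    return json.dumps({"verb": verb, "user": {"username": user},
                       "objectRef": {"resource": resource, "name": name},
                       "requestObject": {"spec": {"parameters": params}}})

SAMPLE = [  # constructed events, not real logs
    event("dev-alice", "create", "fenceagentsremediations", "worker-1",
          {"--ssh-path": "<unexpected value>"}),
    event("system:admin", "create", "fenceagentsremediationtemplates", "tmpl", {}),
    event("system:admin", "patch", "fenceagentsremediations", "worker-2",
          {"--telnet-path": "<unexpected value>"}),
    event("dev-alice", "get", "pods", "web-0", {}),
]
print(findings(SAMPLE))
```

An event logged at Metadata level carries no request body, so only the writer check can fire for it; argument matching needs the audit policy to record these resources at Request level.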
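CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | LOW | — |
| vendor_redhat | — | 8.8 | HIGH | — |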
Red Hat
fence-agents-remediation: Fence Agent Command Line Options Leads to Remote Code Execution
vendor_redhat·2024-08-12·CVSS 8.8
CVE-2024-5651 [HIGH] CWE-94 fence-agents-remediation: Fence Agent Command Line Options Leads to Remote Code Execution
Debian
CVE-2024-5651: fence-agents - A flaw was found in the Fence Agents Remediation operator. This vulnerability ca...
vendor_debian·2024·CVSS 8.8
CVE-2024-5651 [HIGH] CVE-2024-5651: fence-agents - A flaw was found in the Fence Agents Remediation operator. This vulnerability ca...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV
CVE-2024-5651: A flaw was found in the Fence Agents Remediation operator
osv·2024-08-12·CVSS 8.8
CVE-2024-5651 [HIGH] CVE-2024-5651: A flaw was found in the Fence Agents Remediation operator
GHSA
GHSA-76qm-c9j2-wm6v: A flaw was found in fence agents that rely on SSH/Telnet
ghsa_unreviewed·2024-08-12
CVE-2024-5651 [HIGH] CWE-94 GHSA-76qm-c9j2-wm6v: A flaw was found in fence agents that rely on SSH/Telnet
A flaw was found in fence agents that rely on SSH/Telnet. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges.
Published: 2024-08-12