Severity
Medium
Analysis Summary
CVE-2021-20291
The vulnerability affects the Go library called “containers/storage.” It is triggered when a malicious image is placed inside the registry, and a DoS condition is initiated when the image is pulled from the registry by an unwitting user. Malicious actors can jeopardize any containerized infrastructure that relies on vulnerable container engines like Kubernetes and OpenShift.
CVE-2021-25735
Kubernetes kube-apiserver allows a remote authenticated attacker to bypass security restrictions when performing node updates. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass a Validating Admission Webhook.
Impact
- Denial of service
- Security bypass
Affected Vendors
Kubernetes
Affected Products
- Kubernetes kube-apiserver 1.18.17
- Kubernetes kube-apiserver 1.19.0
- Kubernetes kube-apiserver 1.19.9
- Kubernetes kube-apiserver 1.20.0
Remediation
Upgrade to the latest version of kube-apiserver (1.18.18, 1.19.10, 1.20.6, 1.21.0 or later).
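
The following is an added example, not part of the original advisory: a Python check that classifies each cluster's API server version against the fixed releases listed in the remediation line. It assumes the input is the text of `kubectl version -o json` per cluster; the cluster names and sample outputs are constructed.

```python
import json
import re

# First fixed patch release per release line, from this advisory's Remediation line.
FIXED_PATCH = {(1, 18): 18, (1, 19): 10, (1, 20): 6}
FIRST_FIXED_LINE = (1, 21)  # "1.21.0 or later"

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-(?:alpha|beta|rc))?")


def classify(git_version):
    """Map a gitVersion string to 'fixed', 'upgrade', 'no-fix-listed' or 'unparsed'."""
    m = VERSION_RE.match(git_version.strip())
    if not m:
        return "unparsed"
    major, minor, patch = (int(g) for g in m.groups()[:3])
    line = (major, minor)
    # A pre-release (e.g. v1.21.0-rc.0) sorts before the final release it precedes.
    have = (major, minor, patch, 0 if m.group(4) else 1)
    if line in FIXED_PATCH:
        need = line + (FIXED_PATCH[line], 1)
    elif line >= FIRST_FIXED_LINE:
        need = FIRST_FIXED_LINE + (0, 1)
    else:
        return "no-fix-listed"  # the advisory names no fixed release for this line
    return "fixed" if have >= need else "upgrade"


def audit(kubectl_outputs):
    """kubectl_outputs: cluster name -> text of `kubectl version -o json`."""
    report = {}
    for cluster, text in kubectl_outputs.items():
        # Output without a serverVersion entry yields "" and is reported as unparsed.
        version = json.loads(text).get("serverVersion", {}).get("gitVersion", "")
        report[cluster] = (version, classify(version))
    return report


# Constructed sample data: cluster names and outputs are invented for the example.
SAMPLE = {
    "prod-a": '{"serverVersion": {"gitVersion": "v1.19.9"}}',
    "prod-b": '{"serverVersion": {"gitVersion": "v1.20.6"}}',
    "edge-1": '{"serverVersion": {"gitVersion": "v1.18.17-vendor.3"}}',
    "lab": '{"serverVersion": {"gitVersion": "v1.21.0-rc.0"}}',
    "legacy": '{"serverVersion": {"gitVersion": "v1.17.4"}}',
    "offline": '{"clientVersion": {"gitVersion": "v1.20.0"}}',
}

if __name__ == "__main__":
    for cluster, (version, status) in audit(SAMPLE).items():
        print(f"{cluster:8} {version or '-':20} {status}")
```

A vendor-suffixed build may carry a backported fix that the version string does not reveal, so confirm an `upgrade` result on such a build with the distribution's own advisory.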