Vigilance is more than just practice in an ever-changing cybersecurity arena
The cybersecurity community has recently been focusing on three important security vulnerabilities, CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 (the most critical), all of which affect the NGINX ingress controller for Kubernetes (ingress-nginx). Vulnerabilities like these are reason enough for rigorous vulnerability management and comprehensive application security procedures.
The Crux of the Vulnerabilities: CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886
CVE-2023-5043 and CVE-2023-5044 carry CVSS scores of 7.6, reflecting their high-severity status. They are particularly concerning because they can be exploited to execute arbitrary commands and to inject code, respectively. Either outcome could lead to unauthorized access and potential exfiltration of sensitive data, striking at the heart of an organization's application security posture, which is exactly what application security posture management (ASPM) exists to govern.
CVE-2022-4886, with a CVSS score of 8.8 (now 6.5), is the third member of this triad: it allows ingress-nginx path sanitization to be bypassed. This could enable an attacker with access to Ingress objects to extract Kubernetes API credentials from the ingress controller, a sobering thought for any application security professional.
“After exploiting the vulnerability, Lace Tempest issued commands via the SysAid software to deliver a malware loader for the Gracewire malware,” according to Microsoft.
Mitigation and Management for CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886
In response to these vulnerabilities, mitigation strategies have been swiftly disseminated. For CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, the recommended course of action is to update NGINX to version 1.19 and to start the controller with the "--enable-annotation-validation" command-line flag. This measure is aimed at fortifying the application security posture against such incursions.
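As an added example (not code from this article, from Phoenix Security or from the ingress-nginx project), the following Python audits Ingress objects and the controller Deployment for the conditions discussed above from a defender's side. It assumes the annotation names that ingress-nginx documents for injecting raw configuration and redirect targets (the article does not list them), applies a deliberately conservative path allowlist that is not the controller's own sanitization logic, and checks for the --enable-annotation-validation flag the article recommends. The sample Kubernetes objects are constructed inline; in practice they would be the parsed output of kubectl get ... -o json.

```python
"""Defensive audit of ingress-nginx Ingress objects and controller flags.

Added example for this article. It reads Kubernetes objects as plain dicts
(the shape produced by `kubectl get ingress -A -o json`) and flags:
  * annotations that hand user text to the NGINX config or a redirect
    (assumption: names taken from the ingress-nginx documentation);
  * path values outside a conservative character allowlist;
  * a controller Deployment started without --enable-annotation-validation.
"""
import re

# Assumption: these ingress-nginx annotations pass Ingress-author text into the
# generated NGINX configuration or a redirect directive; the article does not
# name them, so an audit should at least surface them for review.
RISKY_ANNOTATIONS = (
    "nginx.ingress.kubernetes.io/configuration-snippet",
    "nginx.ingress.kubernetes.io/server-snippet",
    "nginx.ingress.kubernetes.io/permanent-redirect",
)

# Conservative allowlist for spec.rules[].http.paths[].path: a leading slash and
# ordinary URL path characters. This is a hygiene check, not the controller's
# own rules; regex-style paths will be flagged for manual review.
SAFE_PATH = re.compile(r"/[A-Za-z0-9._~%/-]*")

ANNOTATION_FLAG = "--enable-annotation-validation"


def audit_ingress(ingress: dict) -> list[str]:
    """Return human-readable findings for one Ingress object (empty if clean)."""
    meta = ingress.get("metadata") or {}
    ref = f"{meta.get('namespace', 'default')}/{meta.get('name', '<unnamed>')}"
    findings = []
    for key in (meta.get("annotations") or {}):
        if key in RISKY_ANNOTATIONS:
            findings.append(f"{ref}: risky annotation {key}")
    for rule in (ingress.get("spec") or {}).get("rules") or []:
        for entry in (rule.get("http") or {}).get("paths") or []:
            path = entry.get("path", "")
            # fullmatch, not match(): with match() and a trailing "$" anchor a
            # value ending in "\n" still passes, so an injected newline slips through.
            if path and not SAFE_PATH.fullmatch(path):
                findings.append(f"{ref}: suspicious path {path!r}")
    return findings


def audit_ingress_list(ingress_list: dict) -> list[str]:
    """Audit a kubectl-style List object ({"items": [...]})."""
    findings = []
    for item in ingress_list.get("items") or []:
        findings.extend(audit_ingress(item))
    return findings


def annotation_validation_enabled(deployment: dict) -> bool:
    """True if a controller container is started with the flag on (and not "=false")."""
    pod_spec = ((deployment.get("spec") or {}).get("template") or {}).get("spec") or {}
    for container in pod_spec.get("containers") or []:
        for arg in container.get("args") or []:
            if arg == ANNOTATION_FLAG or arg.startswith(ANNOTATION_FLAG + "="):
                return not arg.endswith("=false")
    return False


# --- constructed sample objects, not data from any real cluster ---
def _backend(name: str) -> dict:
    return {"service": {"name": name, "port": {"number": 80}}}


SAMPLE_INGRESSES = {"apiVersion": "v1", "kind": "List", "items": [
    {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
     "metadata": {"name": "shop", "namespace": "team-a", "annotations": {
         "nginx.ingress.kubernetes.io/configuration-snippet": 'more_set_headers "X-Demo: 1";'}},
     "spec": {"rules": [{"host": "shop.example.test", "http": {"paths": [
         {"path": "/api", "pathType": "Prefix", "backend": _backend("api")},
         {"path": "/admin\n;", "pathType": "Prefix", "backend": _backend("admin")}]}}]}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
     "metadata": {"name": "docs", "namespace": "team-b",
                  "annotations": {"kubernetes.io/ingress.class": "nginx"}},
     "spec": {"rules": [{"host": "docs.example.test", "http": {"paths": [
         {"path": "/", "pathType": "Prefix", "backend": _backend("docs")}]}}]}},
]}


def _controller(args: list) -> dict:
    return {"kind": "Deployment",
            "metadata": {"name": "ingress-nginx-controller", "namespace": "ingress-nginx"},
            "spec": {"template": {"spec": {"containers": [{"name": "controller", "args": args}]}}}}


CONTROLLER_BEFORE = _controller(["/nginx-ingress-controller", "--election-id=ingress-nginx-leader"])
CONTROLLER_AFTER = _controller(["/nginx-ingress-controller", "--election-id=ingress-nginx-leader",
                                ANNOTATION_FLAG])

if __name__ == "__main__":
    for finding in audit_ingress_list(SAMPLE_INGRESSES):
        print(finding)
    print("annotation validation before:", annotation_validation_enabled(CONTROLLER_BEFORE))
    print("annotation validation after:", annotation_validation_enabled(CONTROLLER_AFTER))
```

Run against real output by loading the JSON from kubectl into the same dict shapes. A finding on a snippet annotation is a prompt to review who may create Ingress objects in that namespace and whether snippet annotations need to be allowed at all; a path finding is a prompt to inspect the object by hand rather than proof of exploitation.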
Decoding CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 and their impact in the wild
Focusing on the most critical vulnerability, CVE-2022-4886:
- CVSS (rescored): 8.8 -> 5.5 (addressed)
- CTI: 0, very low (low use)
- EPSS: 0.00075 (very low)
- Exploit available: yes, remotely addressable
The popularity of the vulnerability has decreased since the publication on the 11 and the initial advisory, with few mentions after the patch and release date.
The Bigger Picture in Application Security
The discovery of CVE-2023-5043 and CVE-2023-5044 and CVE-2022-4886 is a stark reminder of the complexities surrounding application security in containerized environments like Kubernetes. As organizations increasingly adopt Kubernetes and NGINX for their operational flexibility and scalability, comprehensive ASPM solutions become paramount. These solutions must be capable of not only identifying and mitigating known vulnerabilities but also providing visibility and control over the entire application stack.
How Phoenix Security Can Help
Comprehensive security solutions such as ASPM and vulnerability management that cover vulnerabilities from code to cloud are essential to accelerate and scale vulnerability management. Phoenix Security automatically ingests vulnerabilities from code to cloud and prioritizes them at scale. Phoenix also communicates the timeframe for resolution for government organizations that must comply with CISA and related regulations.
Phoenix Security serves as a beacon for security professionals aiming to pinpoint the CISA KEV and ransomware-related exploits within their systems. It meticulously scans your product, identifying instances where a CISA KEV vulnerability may affect it. By leveraging Phoenix Security, you not only uncover the potential threats but also take a significant stride in vulnerability management, ensuring your application security remains up to date and focused on the key vulnerabilities.
Previous Issues of Vulnerability Weekly
- Apache Active MQ
- Atlassian Critical Vulnerability Exploited by nation-state CVE-2023-22515
- Critical vulnerability F5
- How to update curl and libcurl without panic fixing
- Critical Vulnerabilities in Atlassian Confluence: Zero-Day
- Detect & Mitigate HTTP/2: Rapid Reset Vulnerabilities
- Understanding the libcue Vulnerability CVE-2023
- Understanding and fixing Curl and libcurl
- MOVEit Transfer breach, Zellis compromise CVE-2023-34362
Other Useful Resources
Data Visualization of vulnerabilities in the wild
- CISA KEV: https://phoenix.security/what-is-cisa-kev-main/
- Exploit in the wild: https://phoenix.security/what-is-exploitability/
- OWASP/Appsec Vulnerability: https://phoenix.security/what-is-owasp-main/
- CWE/Appsec Vulnerabilities: https://phoenix.security/what-is-cwe-main/