I’M UNDER A CYBER ATTACK

Alert

Alert 2024-54: Vulnerabilities in Kubernetes Images: CVE-2024-9486 and CVE-2024-9594

Description:

The vulnerabilities CVE-2024-9486 and CVE-2024-9594, identified in the image creation process in Kubernetes, are due to the use of default credentials that can expose systems to unauthorized access and manipulation.

CVE-2024-9486, with a CVSS score of 9.8, affects virtual machine images generated in Proxmox. This vulnerability stems from the failure to disable default credentials, allowing an attacker with access to them to gain full control of the system, representing a critical risk.

On the other hand, CVE-2024-9594, with a CVSS score of 6.3, impacts images created with providers like Nutanix, OVA, QEMU, and headless environments. Although the default credentials are disabled after the creation process, there is a window of risk during the image-building process.

Download PDF

WE’RE HERE TO HELP

Are you under a cyber attack?

Report it here

get the latest alerts in your inbox

Subscribe to our newsletter

We are a a group of highly trained professionals based in R&D with advanced technical knowledge and experience in the detection, analysis, containment, and recovery of security incidents.

We are a CSIRT, we are Cybolt.

I’M UNDER A CYBER ATTACK

Explore

Services

Stay updated

© 2024. Beacon Lab CSIRT, Privacy Policy

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.