Published Tue, Jun 28th, 2022
Platforms
Service Fabric
A vulnerability in Service Fabric allows a Linux container to escalate its privileges to root on the node and, from there, compromise all of the nodes in the cluster. An attacker would need read/write access to the cluster, and the vulnerability can only be exploited from containers configured with runtime access; however, runtime access is granted by default to every container. Though the bug exists in both the Windows and Linux versions, it is only exploitable on Linux.
Users can check their current Service Fabric version by navigating to their Service Fabric cluster in the Azure console and then clicking on "Fabric upgrades". If the Fabric upgrade mode is set to "Automatic", the cluster is updated automatically to the latest secure version. If the Fabric upgrade mode is set to "Manual", customers must update the cluster manually to version 9.0.1035.1 or higher.
CVE-2022-30137
Contributed by https://github.com/leszekgrzegorek
Entry Status
Finalized
Disclosure Date
Tue, Jun 14th, 2022
Exploitability Period
until 2022/05/24
Known ITW Exploitation
-
Detection Methods
Linux Service Fabric runtime < 9.0.1035.1
Piercing Index Rating
4.02
(PI:1.5/A3:1.05/A4:1.05/A5:1.05/A6:3/A7:1.1/A8:1.1)
Discovered by
Aviv Sasson, Palo Alto Networks