{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/harvester/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Harvester"],"_cs_severities":["medium"],"_cs_tags":["mitm","denial-of-service","virtualization"],"_cs_type":"advisory","_cs_vendors":["SUSE"],"content_html":"\u003cp\u003eSUSE Harvester (also referred to as SUSE Virtualization), a hyperconverged infrastructure (HCI) solution, integrates with Rancher to manage Kubernetes clusters. A vulnerability exists in the cluster registration process. The registration client, which establishes the connection between Harvester and Rancher Manager, uses an insecure TLS configuration by default and does not validate the remote server\u0026rsquo;s certificate. The flaw affects versions prior to 1.8.0 and allows an attacker with network-level access between the two systems to intercept the TLS handshake and redirect cluster registration requests to a server under their control. Successful exploitation can result in unauthorized access to and control over the Harvester cluster, or in a denial-of-service condition when the client crashes on a crafted response payload (attributed in this brief to a memory buffer overflow while processing the unvalidated payload).\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker gains network-level access on the path between the Harvester instance and Rancher Manager.\u003c/li\u003e\n\u003cli\u003eThe Harvester registration client attempts to establish a TLS connection to Rancher Manager using the insecure default configuration.\u003c/li\u003e\n\u003cli\u003eThe attacker intercepts the TLS handshake.\u003c/li\u003e\n\u003cli\u003eThe attacker presents a fraudulent certificate to the Harvester registration client. Because the client does not validate certificates, it accepts the certificate and completes the handshake.\u003c/li\u003e\n\u003cli\u003eThe Harvester registration client sends its cluster registration requests to the attacker-controlled server.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server returns a crafted response payload to the Harvester registration client.\u003c/li\u003e\n\u003cli\u003eThe Harvester registration client processes the response payload without checking its size.\u003c/li\u003e\n\u003cli\u003eThe oversized payload triggers a memory buffer overflow that crashes the Harvester registration controller, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an attacker to perform a man-in-the-middle attack and potentially gain unauthorized access to the SUSE Harvester cluster. The same position can also be used to crash the Harvester registration controller and cause a denial of service. The number of affected installations is unknown, but any organization running SUSE Harvester versions prior to 1.8.0 is at risk. Sectors that rely heavily on virtualization, such as cloud service providers, financial institutions, and research organizations, are the most likely to be affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade SUSE Harvester to version 1.8.0 or later, as recommended by the vendor.\u003c/li\u003e\n\u003cli\u003eAs a workaround, restrict access to the \u003ccode\u003ecluster-registration-url\u003c/code\u003e setting to authorized cluster administrators. This limits who can point the cluster at a different Rancher endpoint but does not make the TLS handshake itself resistant to an on-path attacker, so treat it as a stopgap until the upgrade is applied.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-09T12:00:00Z","date_published":"2024-01-09T12:00:00Z","id":"/briefs/2024-01-harvester-rancher-mitm/","summary":"SUSE Harvester's Rancher integration is vulnerable to a man-in-the-middle attack because the registration client uses insecure TLS options, potentially leading to cluster compromise or denial of service.","title":"SUSE Harvester Rancher Integration Vulnerable to MITM and DoS","url":"https://feed.craftedsignal.io/briefs/2024-01-harvester-rancher-mitm/"}],"language":"en","title":"CraftedSignal Threat Feed — Harvester","version":"https://jsonfeed.org/version/1.1"}
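The brief describes two distinct defects in the registration client: a TLS configuration that accepts any certificate (attack chain steps 2 to 5) and a response handler that reads the payload without a size check (steps 7 and 8). The Go program below is an added illustration of both, written for this editing pass; it is not Harvester, Rancher, or SUSE code and is not taken from the brief. It shows the weak `InsecureSkipVerify` setting next to a client pinned to a known CA and expected server name, and a bounded read that refuses an oversized response instead of buffering it. Everything about the environment is assumed: a loopback `httptest` server stands in for the attacker's endpoint, the 64 KiB cap, the `/register` and `/huge` paths, and the JSON registration body are invented sample data.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// Upper bound on a registration response body; an assumed value for this example.
const maxRegistrationResponse int64 = 64 * 1024

// insecureClient reproduces the weak configuration the brief describes: InsecureSkipVerify
// disables certificate and hostname checks, so a MITM's certificate is accepted.
func insecureClient() *http.Client {
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // the defect
	}}
}

// hardenedClient trusts only the CA certificates in caPEM and requires the server
// certificate to match serverName, so a MITM certificate fails the handshake.
func hardenedClient(caPEM []byte, serverName string) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("caPEM contains no usable CA certificate")
	}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12},
	}}, nil
}

// fetchRegistration reads at most max bytes of the body. Reading max+1 bytes through a
// LimitReader detects an oversized payload without ever buffering all of it.
func fetchRegistration(c *http.Client, url string, max int64) ([]byte, error) {
	resp, err := c.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > max {
		return nil, fmt.Errorf("response exceeds %d-byte limit", max)
	}
	return body, nil
}

// demoResult records how each client fared against the self-signed "attacker" server.
type demoResult struct {
	InsecureAccepted  bool // InsecureSkipVerify client completes the handshake
	PinnedAccepted    bool // client pinned to the server's own certificate succeeds
	WrongNameRejected bool // same CA, different expected name: handshake rejected
	OversizeRejected  bool // bounded reader refuses an over-limit payload
}

// runDemo stands up a loopback TLS server with httptest's built-in self-signed
// certificate (valid for example.com and 127.0.0.1) and exercises each client against it.
func runDemo() (demoResult, error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/register", func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, `{"clusterName":"harvester-demo","token":"constructed-sample"}`)
	})
	mux.HandleFunc("/huge", func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, strings.Repeat("A", int(maxRegistrationResponse)+1))
	})
	srv := httptest.NewTLSServer(mux)
	defer srv.Close()
	// The server's self-signed certificate doubles as the pinned CA for the hardened client.
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	var res demoResult
	_, err := fetchRegistration(insecureClient(), srv.URL+"/register", maxRegistrationResponse)
	res.InsecureAccepted = err == nil
	pinned, err := hardenedClient(caPEM, "example.com")
	if err != nil {
		return res, err
	}
	_, err = fetchRegistration(pinned, srv.URL+"/register", maxRegistrationResponse)
	res.PinnedAccepted = err == nil
	wrongName, _ := hardenedClient(caPEM, "rancher.internal.example") // same PEM, cannot fail
	_, err = fetchRegistration(wrongName, srv.URL+"/register", maxRegistrationResponse)
	res.WrongNameRejected = err != nil
	_, err = fetchRegistration(pinned, srv.URL+"/huge", maxRegistrationResponse)
	res.OversizeRejected = err != nil
	return res, nil
}

func main() {
	res, err := runDemo()
	fmt.Printf("%+v err=%v\n", res, err)
}
```

Running it prints a result in which the insecure client happily completes the handshake with the self-signed server, the pinned client succeeds only when the expected name matches, and the oversized `/huge` response is rejected before it is fully read. The pinning shown here (an explicit `RootCAs` pool plus `ServerName`) is the general fix for the class of bug the brief describes; it is not a description of how Harvester 1.8.0 implements its fix.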