Cilium
CVE-2023-27594
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled.
This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default.
The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.
AnalysisAI
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-285. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing. Affected products include: Cilium.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.7
Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor
Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.5)
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today