CVE-2024-52529

Severity: Medium (CVSS 3.1 base score 5.8)
EPSS: 39.4%
Published: Nov 25, 2024
Last Modified: Jun 17, 2026

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration:

  1. an allow policy that selects a Layer 3 destination and a port range, AND
  2. a Layer 7 allow policy that selects a specific port within the first policy's range,

Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive and is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic.
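The policy pattern the advisory describes, and the workaround it recommends, shown as CiliumNetworkPolicy manifests. This is an added illustration, not code from the Cilium project or from the advisory; the namespace, labels, port numbers and HTTP path are constructed, and the `endPort` field is assumed to be Cilium v1.16's port-range syntax.

```yaml
# Constructed example for CVE-2024-52529; not from the Cilium project.
# Namespace, labels, ports and paths are hypothetical.

# --- Affected pattern on Cilium v1.16.0 through v1.16.3 ---
# Policy 1: Layer 3 allow (frontend -> backend) with a port range.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-backend-range
  namespace: demo
spec:
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "8080"
              endPort: 8083      # port range 8080-8083 (assumed v1.16 syntax)
              protocol: TCP
---
# Policy 2: Layer 7 allow for one port inside that range.
# On affected versions the http rules below are not enforced for this
# traffic, so frontend can reach backend:8080 with any method and path
# rather than only GET /public.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-backend-http
  namespace: demo
spec:
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              - method: GET
                path: "/public"
---
# --- Workaround from the advisory: enumerate the ports individually ---
# Replaces Policy 1. Same set of permitted ports, but no port-range rule
# overlaps the Layer 7 policy, so Policy 2's http rules apply to 8080.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-backend-range
  namespace: demo
spec:
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
            - port: "8081"
              protocol: TCP
            - port: "8082"
              protocol: TCP
            - port: "8083"
              protocol: TCP
```

To check whether a cluster carries the affected pattern, list every CiliumNetworkPolicy whose `toPorts.ports` entries use `endPort` and compare those ranges against the ports named by policies that carry `rules` (the Layer 7 section); any overlap on the same endpoint selector is a candidate for the rewrite above, until the cluster is on v1.16.4 or later.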

CVSS Details

Base Score 5.8
Exploitability 3.9
Impact 1.4
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Changed
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability 39.4% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses (1)

CWE-755 Improper Handling of Exceptional Conditions

Affected Products (1)

Vendor   Product   Version   Range
cilium   cilium    *         ≥1.16.0 – <1.16.4

References (2)

  • github.com https://github.com/cilium/cilium/pull/35150
    Patch
  • github.com https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67
    Patch, Third Party Advisory
