Lucene search

K
cve[email protected]CVE-2023-27595
HistoryMar 17, 2023 - 10:15 p.m.

CVE-2023-27595

2023-03-1722:15:11
CWE-755
web.nvd.nist.gov
27
cilium
networking
observability
security
ebpf
dataplane
cve-2023-27595
vulnerability
disruption
load balancing
network policy
kubernetes pods
host firewall

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium’s featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds.

Affected configurations

Vulners
NVD
Node
ciliumciliumMatch1.13.0
VendorProductVersionCPE
ciliumcilium1.13.0cpe:2.3:a:cilium:cilium:1.13.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "cilium",
    "product": "cilium",
    "versions": [
      {
        "version": "= 1.13.0",
        "status": "affected"
      }
    ]
  }
]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

Related for CVE-2023-27595