Cilium Vulnerable to Cryptographic Attacks
CVE-2024-28860

8HIGH

Key Information:

Vendor

Cilium

Status
Cilium
Vendor
CVE Published:
27 March 2024

What is CVE-2024-28860?

Cilium, an innovative networking and security solution utilizing eBPF, has a vulnerability that can be exploited when users implement IPsec transparent encryption. Specifically, this flaw exposes users to various attacks, including chosen plaintext, key recovery, and replay attacks conducted by a man-in-the-middle. The core issue arises from ESP sequence number collisions due to multiple nodes sharing the same encryption key. This weakness can potentially compromise encrypted data. To mitigate this vulnerability, updated versions of Cilium have been released, employing unique keys for each IPsec tunnel between nodes, effectively closing off possible attack vectors.

Affected Version(s)

cilium >= 1.4.0, <= 1.13.14 <= 1.4.0, 1.13.14

cilium >= 1.14.0, < 1.14.9 < 1.14.0, 1.14.9

cilium >= 1.15.0, < 1.15.3 < 1.15.0, 1.15.3

References

https://github.com/cilium/cilium/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/cilium/cilium/commit/311fbce5280491cdd...
x_refsource_MISC
https://github.com/cilium/cilium/commit/a1742b478306fa256...
x_refsource_MISC

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-28860 : Cilium Vulnerable to Cryptographic Attacks