CVE-2024-28248

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Mar 18, 2024
Updated: Mar 19, 2024
CWE ID 693

Summary

CVE-2024-28248 is a vulnerability in Cilium, a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in their scope, so HTTP traffic that should have been dropped is incorrectly and intermittently forwarded. The issue is patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are currently no known workarounds. The vulnerability is rated high severity, with a base score of 7.2 under the CVSS v3 scoring system. Its impact is low for integrity and confidentiality, with no availability impact.
