CVE-2024-33522

CVSS 3.1 Score 6.7 of 10 (medium)

Details

Published Apr 29, 2024
CWE ID 269

Summary

CVE-2024-33522 is a vulnerability found in vulnerable versions of Calico, Calico Enterprise, and Calico Cloud. Specifically, versions v3.27.2 and below of Calico, versions v3.19.0-1, v3.18.1, v3.17.3 and below of Calico Enterprise, and version v19.2.0 and below of Calico Cloud are affected by this vulnerability. The vulnerability allows an attacker with local access to the Kubernetes node to escalate their privileges by exploiting a flaw in the Calico CNI install binary. This occurs due to incorrect SUID bit configuration in the binary, combined with the ability to control the input binary, enabling the attacker to execute an arbitrary binary with elevated privileges. This vulnerability has a base severity rating of MEDIUM and requires high privileges to exploit it. The impact includes high integrity and confidentiality impacts, as well as high availability impact if successfully exploited. Remediation for this vulnerability involves updating the affected versions of Calico, Calico Enterprise, and Calico Cloud to newer versions that have fixed this issue.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-33522 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options