CVE-2024-52529
CVSS 3.1 Score 5.8 of 10 (medium)
Details
Summary
CVE-2024-52529 is a vulnerability affecting Cilium, a networking, observability, and security solution. When a configuration combines an allow policy that has a Layer 3 destination and a port range with a Layer 7 allow policy for a port within the first policy's range, Layer 7 enforcement is not applied to the selected traffic. The issue only impacts users of Cilium's port range functionality, which was introduced in Cilium v1.16. The vulnerability is patched in Cilium v1.16.4. Users whose network policies follow the described pattern should update to the patched version or modify their policies to specify the permitted ports individually.
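The following check is an added example, not code from the advisory or from the Cilium project: it scans already-parsed policies for the pattern described above. The policy field names (toPorts, ports, port, endPort, rules) are assumed from Cilium's policy schema, and the sample policies and helper names are constructed for illustration.

```python
# Added example: flags policy pairs matching the pattern described for CVE-2024-52529.
# Field names (toPorts, ports, port, endPort, rules) are assumed from Cilium's policy schema.
# Endpoint selectors are not compared, so results are candidates for manual review.

def port_entries(policy):
    """Yield (name, direction, has_l3, has_l7, protocol, low, high) per port entry."""
    name = policy["metadata"]["name"]
    for direction in ("ingress", "egress"):
        for rule in policy.get("spec", {}).get(direction, []):
            # Any to*/from* selector other than toPorts counts as a Layer 3 match.
            has_l3 = any(k != "toPorts" and k.startswith(("to", "from")) for k in rule)
            for tp in rule.get("toPorts", []):
                for p in tp.get("ports", []):
                    if str(p["port"]).isdigit():  # named ports are skipped
                        low = int(p["port"])
                        high = int(p.get("endPort") or low)
                        yield (name, direction, has_l3, bool(tp.get("rules")),
                               p.get("protocol", "ANY"), low, high)

def find_l7_bypass_candidates(policies):
    """Return (range_policy, l7_policy, port) where an L7 port sits inside an L3 port range."""
    entries = [e for pol in policies for e in port_entries(pol)]
    findings = []
    for rname, rdir, rl3, rl7, rproto, rlow, rhigh in entries:
        if not rl3 or rl7 or rhigh <= rlow:
            continue  # only L3 rules with a real port range and no L7 rules of their own
        for lname, ldir, _, ll7, lproto, llow, lhigh in entries:
            same_proto = "ANY" in (rproto, lproto) or rproto == lproto
            if ll7 and ldir == rdir and llow == lhigh and same_proto and rlow <= llow <= rhigh:
                findings.append((rname, lname, llow))
    return findings

def _policy(name, rule):  # hypothetical helper that builds constructed sample policies
    return {"metadata": {"name": name}, "spec": {"egress": [rule]}}

# Constructed sample: L3 destination + range 80-444, and an HTTP rule on port 80.
L7_RULE = {"toPorts": [{"ports": [{"port": "80", "protocol": "TCP"}],
                        "rules": {"http": [{"method": "GET", "path": "/public"}]}}]}
AFFECTED = [
    _policy("l3-range", {"toCIDR": ["192.0.2.0/24"], "toPorts": [
        {"ports": [{"port": "80", "endPort": 444, "protocol": "TCP"}]}]}),
    _policy("l7-http", L7_RULE),
]
# Mitigated form from the summary: permitted ports listed individually, no range.
MITIGATED = [
    _policy("l3-ports", {"toCIDR": ["192.0.2.0/24"], "toPorts": [
        {"ports": [{"port": "80", "protocol": "TCP"}, {"port": "443", "protocol": "TCP"}]}]}),
    _policy("l7-http", L7_RULE),
]
```

Calling find_l7_bypass_candidates on policies exported from a cluster and parsed into dictionaries gives a review list for versions before v1.16.4; it does not confirm that both policies select the same endpoints.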
Affected Products
- Cilium