CVE-2024-52529

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Nov 25, 2024
CWE ID 755

Summary

CVE-2024-52529 is a vulnerability affecting Cilium, a networking, observability, and security solution. For users with specific configurations, including an allow policy with a Layer 3 destination and a port range, as well as a Layer 7 allow policy for a port within the first policy's range, Layer 7 enforcement will not apply to the selected traffic. This issue only impacts users utilizing Cilium's port range functionality, introduced in Cilium v1.16. The vulnerability is patched in Cilium v1.16.4. Users employing network policies with the described pattern should update their software or modify their policies to individually specify permitted ports to mitigate the risk.
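The check below is an added example, not code from Cilium or from this advisory: a heuristic audit that flags a Layer 7 allow rule whose port falls inside another policy's Layer 3 port range, which is the pattern described above. It assumes policies are already parsed into dicts in the CiliumNetworkPolicy layout, inspects only `spec.egress`, and treats all policies as selecting the same endpoints; the policy names and addresses are constructed samples.

```python
# Added example: heuristic audit for the policy pattern in CVE-2024-52529.
# Assumptions: policies are dicts in CiliumNetworkPolicy layout (for instance
# parsed from `kubectl get cnp -A -o json`), only `spec.egress` is inspected,
# and every policy is treated as selecting the same endpoints, so hits can
# over-report and need manual review.
L3_KEYS = ("toCIDR", "toCIDRSet", "toEndpoints", "toEntities", "toFQDNs", "toServices")

def port_entries(policy):
    """Yield (low, high, proto, has_l7, has_l3) for each numeric egress port entry."""
    for rule in policy.get("spec", {}).get("egress", []):
        has_l3 = any(rule.get(k) for k in L3_KEYS)
        for to_port in rule.get("toPorts", []):
            has_l7 = bool(to_port.get("rules"))
            for p in to_port.get("ports", []):
                if not str(p.get("port", "")).isdigit():
                    continue  # named ports cannot be compared numerically
                low = int(p["port"])
                high = int(p.get("endPort") or low)
                yield low, high, p.get("protocol", "ANY").upper(), has_l7, has_l3

def find_shadowed_l7(policies):
    """Return (l7_policy, port, range_policy, range) tuples matching the pattern."""
    ranges, l7_ports = [], []
    for pol in policies:
        name = pol["metadata"]["name"]
        for low, high, proto, has_l7, has_l3 in port_entries(pol):
            if has_l7:
                l7_ports.append((name, low, high, proto))
            elif has_l3 and high > low:
                ranges.append((name, low, high, proto))
    hits = set()
    for l7_name, l7_low, l7_high, l7_proto in l7_ports:
        for r_name, low, high, proto in ranges:
            same_proto = "ANY" in (proto, l7_proto) or proto == l7_proto
            if same_proto and low <= l7_low and l7_high <= high:
                hits.add((l7_name, l7_low, r_name, f"{low}-{high}"))
    return sorted(hits)

# Constructed sample policies (not taken from the advisory).
RANGE_ALLOW = {"metadata": {"name": "range-allow"}, "spec": {"egress": [
    {"toCIDR": ["192.0.2.0/24"],
     "toPorts": [{"ports": [{"port": "80", "endPort": 444, "protocol": "TCP"}]}]}]}}
L7_ALLOW = {"metadata": {"name": "l7-allow"}, "spec": {"egress": [
    {"toPorts": [{"ports": [{"port": "80", "protocol": "TCP"}],
                  "rules": {"http": [{"method": "GET", "path": "/public"}]}}]}]}}
# Mitigated form: the same L3 allow with ports listed individually, no endPort.
PORTS_LISTED = {"metadata": {"name": "ports-listed"}, "spec": {"egress": [
    {"toCIDR": ["192.0.2.0/24"],
     "toPorts": [{"ports": [{"port": "443", "protocol": "TCP"},
                            {"port": "8080", "protocol": "TCP"}]}]}]}}

if __name__ == "__main__":
    print(find_shadowed_l7([RANGE_ALLOW, L7_ALLOW]))
```

A hit means the listed Layer 7 policy should be reviewed on clusters running a v1.16 release earlier than v1.16.4; an empty result for the individually listed ports reflects the mitigation named in the summary.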
