CVE-2024-33522

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/projectcalico/calico/issues/7981
https://github.com/projectcalico/calico/pull/8447
https://github.com/projectcalico/calico/pull/8517
https://www.tigera.io/security-bulletins-tta-2024-001/

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-29 23:15

Updated : 2024-04-30 13:11

NVD link : CVE-2024-33522

Mitre link : CVE-2024-33522

CVE.ORG link : CVE-2024-33522

JSON object : View

Products Affected

No product.

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2024-33522", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@tigera.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2024-04-29T23:15:06.270", "references": [{"url": "https://github.com/projectcalico/calico/issues/7981", "source": "psirt@tigera.io"}, {"url": "https://github.com/projectcalico/calico/pull/8447", "source": "psirt@tigera.io"}, {"url": "https://github.com/projectcalico/calico/pull/8517", "source": "psirt@tigera.io"}, {"url": "https://www.tigera.io/security-bulletins-tta-2024-001/", "source": "psirt@tigera.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@tigera.io", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.\n"}, {"lang": "es", "value": "En versiones vulnerables de Calico (v3.27.2 e inferiores), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 e inferiores) y Calico Cloud (v19.2.0 e inferiores), un atacante que tiene acceso local al nodo de Kubernetes, pueden escalar sus privilegios explotando una vulnerabilidad en el binario de instalaci\u00f3n de Calico CNI. El problema surge de una configuraci\u00f3n incorrecta del bit SUID (Establecer ID de usuario) en el binario, combinada con la capacidad de controlar el binario de entrada, lo que permite a un atacante ejecutar un binario arbitrario con privilegios elevados."}], "lastModified": "2024-04-30T13:11:16.690", "sourceIdentifier": "psirt@tigera.io"}