Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-33522

Summary
Assigner-Tigera
Assigner Org ID-e6d453f4-3dae-4941-bcea-9af25f4e824d
Published At-29 Apr, 2024 | 22:19
Updated At-02 Aug, 2024 | 02:36
Rejected At-
Credits

Privilege escalation in Calico CNI install binary

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Tigera
Assigner Org ID:e6d453f4-3dae-4941-bcea-9af25f4e824d
Published At:29 Apr, 2024 | 22:19
Updated At:02 Aug, 2024 | 02:36
Rejected At:
▼CVE Numbering Authority (CNA)
Privilege escalation in Calico CNI install binary

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.

Affected Products
Vendor
Tigera
Product
Calico
Package Name
cni-plugin
Repo
https://www.tigera.io/tigera-products/calico/
Default Status
unaffected
Versions
Affected
  • From 0 before v3.26.5 (semver)
  • From v3.27.0 before v3.27.3 (semver)
Unaffected
  • v3.28.0
Vendor
Tigera
Product
Calico Enterprise
Package Name
cni-plugin
Default Status
unaffected
Versions
Affected
  • From 0 before v3.17.4 (semver)
  • From v3.18.0 before v3.18.2 (semver)
  • From v3.19.0-1.0 before v3.19.0-2.0 (semver)
Vendor
Tigera
Product
Calico Cloud
Package Name
cni-plugin
Default Status
unaffected
Versions
Affected
  • From 0 before v19.3.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Christopher Alonso (Github: @latortuga71)
remediation reviewer
Anthony Tam
remediation verifier
Behnam Shobiri
remediation developer
Pedro Coutinho
remediation reviewer
Matt Dupre
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/projectcalico/calico/issues/7981
exploit
issue-tracking
https://github.com/projectcalico/calico/pull/8447
patch
https://github.com/projectcalico/calico/pull/8517
patch
https://www.tigera.io/security-bulletins-tta-2024-001/
vendor-advisory
Hyperlink: https://github.com/projectcalico/calico/issues/7981
Resource:
exploit
issue-tracking
Hyperlink: https://github.com/projectcalico/calico/pull/8447
Resource:
patch
Hyperlink: https://github.com/projectcalico/calico/pull/8517
Resource:
patch
Hyperlink: https://www.tigera.io/security-bulletins-tta-2024-001/
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
tigera
Product
calico
CPEs
  • cpe:2.3:a:tigera:calico:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before v3.26.5 (semver)
  • From v3.27.0 before v3.27.3 (semver)
Unaffected
  • v3.28.0
Vendor
tigera
Product
calico_enterprise
CPEs
  • cpe:2.3:a:tigera:calico_enterprise:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before v3.17.4 (semver)
  • From v3.18.0 before v3.18.2 (semver)
  • From v3.19.0-1.0 before v3.19.0-2.0 (semver)
Vendor
tigera
Product
calico_cloud
CPEs
  • cpe:2.3:a:tigera:calico_cloud:*:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 0 before v19.3.0 (semver)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/projectcalico/calico/issues/7981
exploit
issue-tracking
x_transferred
https://github.com/projectcalico/calico/pull/8447
patch
x_transferred
https://github.com/projectcalico/calico/pull/8517
patch
x_transferred
https://www.tigera.io/security-bulletins-tta-2024-001/
vendor-advisory
x_transferred
Hyperlink: https://github.com/projectcalico/calico/issues/7981
Resource:
exploit
issue-tracking
x_transferred
Hyperlink: https://github.com/projectcalico/calico/pull/8447
Resource:
patch
x_transferred
Hyperlink: https://github.com/projectcalico/calico/pull/8517
Resource:
patch
x_transferred
Hyperlink: https://www.tigera.io/security-bulletins-tta-2024-001/
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@tigera.io
Published At:29 Apr, 2024 | 23:15
Updated At:15 Apr, 2026 | 00:35

In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.7MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondarypsirt@tigera.io
CWE ID: CWE-269
Type: Secondary
Source: psirt@tigera.io
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/projectcalico/calico/issues/7981psirt@tigera.io
N/A
https://github.com/projectcalico/calico/pull/8447psirt@tigera.io
N/A
https://github.com/projectcalico/calico/pull/8517psirt@tigera.io
N/A
https://www.tigera.io/security-bulletins-tta-2024-001/psirt@tigera.io
N/A
https://github.com/projectcalico/calico/issues/7981af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/projectcalico/calico/pull/8447af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/projectcalico/calico/pull/8517af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.tigera.io/security-bulletins-tta-2024-001/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/projectcalico/calico/issues/7981
Source: psirt@tigera.io
Resource: N/A
Hyperlink: https://github.com/projectcalico/calico/pull/8447
Source: psirt@tigera.io
Resource: N/A
Hyperlink: https://github.com/projectcalico/calico/pull/8517
Source: psirt@tigera.io
Resource: N/A
Hyperlink: https://www.tigera.io/security-bulletins-tta-2024-001/
Source: psirt@tigera.io
Resource: N/A
Hyperlink: https://github.com/projectcalico/calico/issues/7981
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/projectcalico/calico/pull/8447
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/projectcalico/calico/pull/8517
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.tigera.io/security-bulletins-tta-2024-001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

53Records found
CVE-2011-2910
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.13% / 32.27%
||
7 Day CHG~0.00%
Published-15 Nov, 2019 | 16:37
Updated-06 Aug, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.

Action-Not Available
Vendor-linux-ax25ax25-toolsDebian GNU/Linux
Product-debian_linuxax25-toolsax25-tools
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-1447
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 6.78%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 12:40
Updated-08 Nov, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Content Security Management Appliance Privilege Escalation Vulnerability

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges to root. This vulnerability is due to a procedural flaw in the password generation algorithm. An attacker could exploit this vulnerability by enabling specific Administrator-only features and connecting to the appliance through the CLI with elevated privileges. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. To exploit this vulnerability, the attacker must have valid Administrator credentials.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-content_security_management_applianceCisco Content Security Management Appliance (SMA)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-26057
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 9.37%
||
7 Day CHG~0.00%
Published-15 Jun, 2022 | 18:47
Updated-16 Sep, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mint WorkBench Link Following Local Privilege Escalation Vulnerability

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product

Action-Not Available
Vendor-ABB
Product-mint_workbenchMint WorkBench
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • Next
Details not found