PT-2024-22610 · Cilium · Cilium
Iokill +1
Published 2024-03-27 · Updated 2025-09-02
CVE-2024-28860
CVSS v3.1: 8.0 (High)
Vector: AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Cilium versions prior to 1.13.13
Cilium versions prior to 1.14.9
Cilium versions prior to 1.15.3
Description
Cilium, a networking, observability, and security solution with an eBPF-based dataplane, has a vulnerability in its IPsec transparent encryption. A man-in-the-middle attacker positioned on the network path may be able to mount cryptographic attacks, including chosen-plaintext, key-recovery, and replay attacks. These attacks are possible because of an ESP sequence number collision: when multiple nodes are configured with the same key, independent nodes can emit ESP packets that reuse the same sequence number under that shared key. The vulnerability is resolved in the fixed versions of Cilium, which derive a unique key for each IPsec tunnel established between a pair of nodes.
Recommendations
For Cilium versions prior to 1.13.13, upgrade to version 1.13.13 or later.
For Cilium versions prior to 1.14.9, upgrade to version 1.14.9 or later.
For Cilium versions prior to 1.15.3, upgrade to version 1.15.3 or later.
After upgrading, perform a key rotation following the instructions in the Cilium documentation; the upgrade alone is not sufficient, since existing tunnels keep using the previously shared key until new per-tunnel keys are derived.
Exploit
Fix
Weakness Enumeration
Inadequate Encryption Strength
Related Identifiers
Affected Products
Cilium