CVE-2020-13597 MEDIUM

CVE-2020-13597: Calico nodes IPv6 traffic redirection from route advertisement

Vendor Tigera Inc
Product Calico
Weakness CWE-201
Published June 3, 2020
Last update September 16, 2024

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Scope Changed
Confidentiality Low
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Clusters using Calico (version 3.14.0 and below) or Calico Enterprise (version 2.8.2 and below) may be vulnerable to information disclosure if IPv6 is enabled on the nodes but not used. Because the node accepts IPv6 router advertisements by default, a compromised pod with sufficient privilege to send them can reconfigure the node’s IPv6 routing and redirect some or all of the node’s network traffic to the compromised pod.
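The condition the advisory describes is visible on a node as the per-interface accept_ra sysctl (0 = ignore router advertisements, 1 = accept them only while IPv6 forwarding is off, 2 = accept them always). The script below is an added example written for this page, not code from Tigera or from the advisory: it walks a sysctl conf tree and reports every interface that still accepts router advertisements, so an operator can confirm exposure before and after upgrading or hardening. The directory argument is an assumption introduced so the audit can be run against a copied or constructed tree; the interface name cali1234abcd in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not Calico's own code): audit which IPv6 interfaces on a
# node still accept router advertisements (the precondition for
# CVE-2020-13597). The optional argument overrides the sysctl conf tree so
# the same function can be run against a copy or a constructed test tree.

# Prints "iface accept_ra=N" for every real interface whose accept_ra is
# not 0. Returns 0 when no interface accepts RAs, 1 otherwise.
audit_accept_ra() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    found=0
    for dir in "$root"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are kernel templates, not attached interfaces
        case "$iface" in all|default) continue ;; esac
        f="${dir}accept_ra"
        [ -r "$f" ] || continue
        val=$(cat "$f")
        # accept_ra: 0 = never, 1 = only if forwarding is disabled, 2 = always
        if [ "$val" != "0" ]; then
            echo "$iface accept_ra=$val"
            found=1
        fi
    done
    return $found
}

# Run as: sh audit_accept_ra.sh [conf-dir]
# To stop a single (constructed name) interface from accepting RAs on a
# real node you would run, as root:
#   sysctl -w net.ipv6.conf.cali1234abcd.accept_ra=0
if [ -n "${1:-}" ]; then
    audit_accept_ra "$1" || echo "WARNING: at least one interface accepts IPv6 router advertisements" >&2
fi
```

Note that accept_ra=1, the kernel default, is only effective while IPv6 forwarding is disabled on the host, which is exactly the "IPv6 enabled but unused" configuration the advisory names; a node with accept_ra=2 accepts advertisements regardless of its forwarding setting.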

Key dates

02 Disclosure timeline

June 3, 2020 CVE published
September 16, 2024 Record updated