
CVE-2024-33522: Calico privilege escalation vulnerability

CVSS Score: 6.7 (CVSS v3.1)

Basic Information

EPSS Score: 0.11213%
Published: 4/30/2024
Updated: 11/18/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name                      Ecosystem   Vulnerable Versions    First Patched Version
github.com/projectcalico/calico   go          < 3.26.5               3.26.5
github.com/projectcalico/calico   go          >= 3.27.0, < 3.27.3    3.27.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from two key elements: 1) the install binary's SUID configuration, which lets it run as root, and 2) a control flow that executes an external binary ('calico -v') without validating it first. The main install process in install.go was vulnerable because it created directories as root and executed untrusted binaries. The fix in PR#8517 replaced binary execution with content verification, confirming that these functions were the problem. The 'copyBinary' function, which sets permissions and handles the binaries, contributed to the insecure configuration.
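As an added example (not Calico's code and not part of this page), the content-verification approach the fix is described as taking, in Go: the installer inspects the candidate binary's mode and SHA-256 digest instead of running it. The function name and the trusted digest value are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"syscall"
)

// verifyCNIBinary replaces the pre-fix pattern described above (a SUID-root
// installer running the candidate binary, "calico -v") with a check that never
// executes the file: refuse symlinks and setuid/setgid files, then require the
// SHA-256 digest to match a hypothetical caller-supplied trusted value.
func verifyCNIBinary(path, wantSHA256 string) error {
	f, err := os.OpenFile(path, os.O_RDONLY|syscall.O_NOFOLLOW, 0) // refuse symlinks
	if err != nil {
		return err
	}
	defer f.Close()
	info, err := f.Stat() // fstat: the mode checked is that of the file we hash
	if err != nil {
		return err
	}
	if m := info.Mode(); !m.IsRegular() || m&(os.ModeSetuid|os.ModeSetgid) != 0 {
		return fmt.Errorf("refusing %s: mode %v is not a regular non-setuid file", path, m)
	}
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return err
	}
	if got := hex.EncodeToString(h.Sum(nil)); got != wantSHA256 {
		return fmt.Errorf("digest mismatch: got %s, want %s", got, wantSHA256)
	}
	return nil
}

func main() {
	data := []byte("#!/bin/sh\necho sample\n") // constructed stand-in for the CNI binary
	path := filepath.Join(os.TempDir(), "calico-sample")
	_ = os.WriteFile(path, data, 0o755)
	defer os.Remove(path)
	sum := sha256.Sum256(data)
	fmt.Println(verifyCNIBinary(path, hex.EncodeToString(sum[:])), verifyCNIBinary(path, "deadbeef"))
}
```

The first call returns nil (trusted digest, plain executable); the second reports a digest mismatch, and a setuid bit or a symlink in place of the file is rejected before any hashing.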
