cve-2022-23635
Vulnerability from cvelistv5
Published
2022-02-22 22:00
Modified
2024-08-03 03:51
Summary
Unauthenticated control plane denial of service attack in Istio
Impacted products
istioistio
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:45.891Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://istio.io/latest/news/security/istio-security-2022-003"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "istio",
          "vendor": "istio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.13.0, \u003c 1.13.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.12.0, \u003c 1.12.4"
            },
            {
              "status": "affected",
              "version": "\u003c 1.11.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-22T22:00:13",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://istio.io/latest/news/security/istio-security-2022-003"
        }
      ],
      "source": {
        "advisory": "GHSA-856q-xv3c-7f2f",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated control plane denial of service attack in Istio",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23635",
          "STATE": "PUBLIC",
          "TITLE": "Unauthenticated control plane denial of service attack in Istio"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "istio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.13.0, \u003c 1.13.1"
                          },
                          {
                            "version_value": "\u003e= 1.12.0, \u003c 1.12.4"
                          },
                          {
                            "version_value": "\u003c 1.11.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "istio"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f",
              "refsource": "CONFIRM",
              "url": "https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f"
            },
            {
              "name": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84",
              "refsource": "MISC",
              "url": "https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84"
            },
            {
              "name": "https://istio.io/latest/news/security/istio-security-2022-003",
              "refsource": "MISC",
              "url": "https://istio.io/latest/news/security/istio-security-2022-003"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-856q-xv3c-7f2f",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23635",
    "datePublished": "2022-02-22T22:00:13",
    "dateReserved": "2022-01-19T00:00:00",
    "dateUpdated": "2024-08-03T03:51:45.891Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23635\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-22T22:15:07.620\",\"lastModified\":\"2023-07-13T16:32:55.903\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.\"},{\"lang\":\"es\",\"value\":\"Istio es una plataforma abierta para conectar, gestionar y asegurar microservicios. En las versiones afectadas, el plano de control de Istio, `istiod`, es vulnerable a un error de procesamiento de solicitudes, lo que permite a un atacante malicioso que env\u00ede un mensaje especialmente dise\u00f1ado que resulte en la ca\u00edda del plano de control. Este punto final se sirve a trav\u00e9s del puerto 15012 de TLS, pero no requiere ninguna autenticaci\u00f3n por parte del atacante. Para instalaciones sencillas, Istiod normalmente s\u00f3lo es alcanzable desde dentro del cl\u00faster, limitando el radio de explosi\u00f3n. Sin embargo, para algunos despliegues, especialmente las topolog\u00edas [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/), este puerto est\u00e1 expuesto a trav\u00e9s de la Internet p\u00fablica. No hay medidas de mitigaci\u00f3n adicionales efectivas, m\u00e1s all\u00e1 de la actualizaci\u00f3n. Limitar el acceso a la red a Istiod al conjunto m\u00ednimo de clientes puede ayudar a reducir el alcance de la vulnerabilidad hasta cierto punto\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1284\"}]},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.7\",\"matchCriteriaId\":\"5F628089-4585-4D6E-9524-F8058D3CAA72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12.0\",\"versionEndExcluding\":\"1.12.4\",\"matchCriteriaId\":\"B682D44E-A685-43A4-80DE-BE04BA1D13AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.13.0\",\"versionEndExcluding\":\"1.13.1\",\"matchCriteriaId\":\"9D493CB7-63C8-4B0A-A2F4-5697943803B0\"}]}]}],\"references\":[{\"url\":\"https://github.com/istio/istio/commit/5f3b5ed958ae75156f8656fe7b3794f78e94db84\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/istio/istio/security/advisories/GHSA-856q-xv3c-7f2f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://istio.io/latest/news/security/istio-security-2022-003\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.