CVE-2023-27593

Name: CVE-2023-27593
Creator: NVD / NIST
Published: 2023-03-17T20:15:13.43+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.22%

Last modified Jun 17, 2026

CVE-2023-27593 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible.

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.22%

12.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-276

Affected Software

Vendor	Product	Versions
Cilium	Cilium	< 1.11.15
Cilium	Cilium	>= 1.12.0, < 1.12.8
Cilium	Cilium	>= 1.13.0, < 1.13.1

References

https://github.com/cilium/cilium/pull/24075Third Party Advisory
https://github.com/cilium/cilium/releases/tag/v1.11.15Third Party Advisory
https://github.com/cilium/cilium/releases/tag/v1.12.8Third Party Advisory
https://github.com/cilium/cilium/releases/tag/v1.13.1Third Party Advisory
https://github.com/cilium/cilium/security/advisories/GHSA-4hc4-pgfx-3mrxThird Party Advisory
https://kubernetes.io/docs/reference/access-authn-authz/rbac/Third Party Advisory
https://github.com/cilium/cilium/pull/24075Third Party Advisory
https://github.com/cilium/cilium/releases/tag/v1.11.15Third Party Advisory
https://github.com/cilium/cilium/releases/tag/v1.12.8Third Party Advisory
https://github.com/cilium/cilium/releases/tag/v1.13.1Third Party Advisory
https://github.com/cilium/cilium/security/advisories/GHSA-4hc4-pgfx-3mrxThird Party Advisory
https://kubernetes.io/docs/reference/access-authn-authz/rbac/Third Party Advisory

Timeline

Published: Mar 17, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-27593?

How severe is CVE-2023-27593?

CVE-2023-27593 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.

How do I fix CVE-2023-27593?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-27593?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST