Cilium Ingress Network Policy Bypass Vulnerability on Same-Node Traffic

Vulnerability

A vulnerability exists in Cilium's handling of Ingress Network Policies for Layer 7 Services (such as Envoy and GAMMA) whose backend is local to the same node. It affects Cilium versions prior to 1.17.14, 1.18.0 through 1.18.7, and 1.19.0 through 1.19.1. The bypass occurs only when Per-Endpoint Routing is enabled and BPF Host Routing is disabled; under that combination, traffic from pods to such a service is not subjected to the intended ingress policy. Per-Endpoint Routing is disabled by default but is enabled automatically by several cloud IPAM modes, including Cilium ENI on EKS, AlibabaCloud ENI, Azure IPAM, and some GKE deployments. The vulnerable combination is most commonly encountered on Amazon EKS with Cilium in ENI mode.

Impact

Exploitation of this vulnerability can lead to a bypass of Ingress Network Policies, allowing unrestricted traffic from pods to Layer 7 Services with local backends on the same node.

Reproduction

To reproduce this vulnerability, deploy Cilium on a Kubernetes cluster using a cloud IPAM that enables Per-Endpoint Routing, such as Cilium ENI on EKS. Ensure that BPF Host Routing is disabled and that Ingress Network Policies are in place for a Layer 7 Service with a local backend on the same node. Traffic from pods to the Layer 7 Service will bypass the Ingress Network Policies, demonstrating the vulnerability.

Remediation

Upgrade to Cilium versions 1.17.14, 1.18.8, or 1.19.2, where this vulnerability has been patched.
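The two preconditions above (an affected release, plus Per-Endpoint Routing on and BPF Host Routing off) can be checked before scheduling the upgrade. The script below is an added example, not code from the advisory or the Cilium project; it assumes the cilium-config ConfigMap keys `enable-endpoint-routes` (Per-Endpoint Routing) and `enable-host-legacy-routing` ("true" meaning BPF Host Routing is disabled), and the ConfigMap JSON it parses is a constructed sample.

```python
"""Pre-upgrade exposure check for the Cilium ingress-policy bypass (added example).

Feed it the output of `kubectl -n kube-system get configmap cilium-config -o json`
and the agent version string; it reports whether both preconditions hold.
"""
import json
import re

# First fixed release per minor line, from the advisory's remediation section.
FIXED = {(1, 17): (1, 17, 14), (1, 18): (1, 18, 8), (1, 19): (1, 19, 2)}


def parse_version(s):
    """Extract (major, minor, patch) from strings like 'v1.18.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        raise ValueError(f"unrecognised Cilium version: {s!r}")
    return tuple(int(x) for x in m.groups())


def version_affected(version):
    """True when the version falls in one of the advisory's affected ranges."""
    v = parse_version(version)
    if v < (1, 17, 14):
        return True  # every release before 1.17.14 is listed as affected
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return False  # a minor line the advisory does not list (e.g. 1.20+)
    return v < fixed


def vulnerable_config(cm_data):
    """True when the ConfigMap shows the affected routing combination.

    Key names are assumptions: `enable-endpoint-routes` toggles Per-Endpoint
    Routing, and `enable-host-legacy-routing` == "true" means Cilium is using
    legacy (netfilter) host routing, i.e. BPF Host Routing is disabled.
    """
    per_endpoint = cm_data.get("enable-endpoint-routes", "false").lower() == "true"
    bpf_host_off = cm_data.get("enable-host-legacy-routing", "false").lower() == "true"
    return per_endpoint and bpf_host_off


def assess(version, cm_json):
    """Exposed only if the release is affected AND the routing combination matches."""
    data = json.loads(cm_json).get("data", {})
    return version_affected(version) and vulnerable_config(data)


# Constructed sample resembling an EKS ENI-mode cilium-config; not real output.
SAMPLE_CM = json.dumps({"kind": "ConfigMap", "data": {
    "ipam": "eni", "enable-endpoint-routes": "true",
    "enable-host-legacy-routing": "true"}})

if __name__ == "__main__":
    print("exposed" if assess("v1.18.3", SAMPLE_CM) else "not exposed")
```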

Added: Mar 27, 2026, 1:29 AM
Updated: Mar 27, 2026, 1:29 AM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          4.5
impact          0.6
exploitability  4.1
remediation     7.7
relevance       4.8
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.