CVE-2024-49214 — Authentication Bypass by Spoofing in Haproxy

CWE-290 — Authentication Bypass by Spoofing CWE-940 — Improper Verification of Source of a Communication Channel6 documents6 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 71.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Haproxy Debian Haproxy Msrc Cbl2 Haproxy 2.4.24-1 ON CBL Mariner 2.0

Timeline

PublishedOct 14

Description

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶debiandebian/haproxy< haproxy 2.9.11-1 (forky)

▶Debianhaproxy/haproxy< 2.9.11-1+1

▶msrcmsrc/cbl2_haproxy_2.4.24-1_on_cbl_mariner_2.0

🔴Vulnerability Details

OSV

CVE-2024-49214: QUIC in HAProxy 3↗2024-10-14

▶

GHSA

GHSA-8jgf-8r3g-hxh8: QUIC in HAProxy 3↗2024-10-14

▶

📋Vendor Advisories

Red Hat

haproxy: Spoofed IP Bypass in HAProxy QUIC Listener 0-RTT Sessions↗2024-10-14

▶

Microsoft

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.↗2024-10-08

▶

Debian

CVE-2024-49214: haproxy - QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9....↗2024

▶