Istio Improper Internet Access Control Vulnerability

By GIXnews


A vulnerability in Istio could allow an unauthenticated, adjacent attacker to gain unauthorized access to a targeted system.

The vulnerability exists because policy enforcement is disabled by default in the default installation profile of the affected software. An attacker could exploit this vulnerability to gain unauthorized access to a targeted system. A successful exploit could be used to conduct further attacks.

Istio has confirmed the vulnerability and released software updates.

Security Impact Rating: Critical

CVE: CVE-2019-12243

Source: Cisco Multivendor Vulnerability Alerts