CVE-2020-35470 : What You Need to Know
Learn about CVE-2020-35470 affecting Envoy before 1.16.1, leading to incorrect downstream address logging. Find mitigation steps and preventive measures here.
Envoy before 1.16.1 logs an incorrect downstream address due to a vulnerability in handling proxy protocol headers.
Understanding CVE-2020-35470
This CVE involves Envoy versions prior to 1.16.1 and impacts situations using tcp-proxy as the network filter.
What is CVE-2020-35470?
Envoy versions before 1.16.1 incorrectly log downstream addresses by only considering the directly connected peer, neglecting information in the proxy protocol header.
The Impact of CVE-2020-35470
The vulnerability affects environments utilizing tcp-proxy as the network filter, potentially leading to incorrect downstream address logging.
Technical Details of CVE-2020-35470
This section provides in-depth technical insights into the CVE.
Vulnerability Description
Envoy before version 1.16.1 mishandles downstream address logging, leading to inaccuracies in situations with tcp-proxy as the network filter.
Affected Systems and Versions
- Affected Product: Envoy
- Affected Version: <1.16.1
Exploitation Mechanism
The vulnerability arises due to Envoy's failure to consider information in the proxy protocol header, resulting in incorrect downstream address logging.
Mitigation and Prevention
Protect your systems from CVE-2020-35470 with these mitigation strategies.
Immediate Steps to Take
- Update Envoy to version 1.16.1 or newer to mitigate the vulnerability.
- Monitor network logs for any suspicious activity related to downstream address logging.
Long-Term Security Practices
- Implement network segmentation to limit the impact of potential breaches.
- Regularly review and update network filter configurations to enhance security.
Patching and Updates
- Apply patches and updates provided by Envoy promptly to address security vulnerabilities.