6.8
CVE-2020-1759
- EPSS 0.41%
- Veröffentlicht 13.04.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 05:11:19
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Ceph Storage Version4.0
Linuxfoundation ≫ Ceph Version < 14.2.21
Fedoraproject ≫ Fedora Version31
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.585 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| secalert@redhat.com | 6.4 | 1.2 | 5.2 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-323 Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.