6.8
CVE-2020-1759
- EPSS 0.41%
- Published 13.04.2020 13:15:13
- Last modified 21.11.2024 05:11:19
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Ceph Storage Version4.0
Linuxfoundation ≫ Ceph Version < 14.2.21
Fedoraproject ≫ Fedora Version31
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.585 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 1.6 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| secalert@redhat.com | 6.4 | 1.2 | 5.2 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-323 Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.