7.5

CVE-2020-25645

Exploit

EPSS 0.1%
Veröffentlicht 13.10.2020 20:15:12
Zuletzt bearbeitet 21.11.2024 05:18:19
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.9.0

Linux ≫ Linux Kernel Version5.9.0 Update-

Linux ≫ Linux Kernel Version5.9.0 Updaterc1

Linux ≫ Linux Kernel Version5.9.0 Updaterc2

Linux ≫ Linux Kernel Version5.9.0 Updaterc3

Linux ≫ Linux Kernel Version5.9.0 Updaterc4

Linux ≫ Linux Kernel Version5.9.0 Updaterc5

Linux ≫ Linux Kernel Version5.9.0 Updaterc6

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Netapp ≫ Solidfire & Hci Management Node Version-

Netapp ≫ Solidfire & Hci Storage Node Version-

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Netapp ≫ Hci Compute Node Bios Version-

Netapp ≫ Hci Compute Node Version-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.276

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://lists.debian.org/debian-lts-announce/2020/10/msg00028.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2020/dsa-4774

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00035.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00042.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/161229/Kernel-Live-Patch-Security-Notice-LSN-0074-1.html

Third Party Advisory

VDB Entry

https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html

Third Party Advisory

Mailing List

https://bugzilla.redhat.com/show_bug.cgi?id=1883988

Patch

Vendor Advisory

Exploit

Issue Tracking

https://security.netapp.com/advisory/ntap-20201103-0004/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-25645

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25645

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25645

EUVD