← Volver a CVEs
CVE-2020-1749
HIGH7.5
Descripcion
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/9/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
linux:linux_kernelredhat:enterprise_linuxredhat:enterprise_mrg
Debilidades (CWE)
CWE-319CWE-319
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20201222-0001/(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20201222-0001/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.