CVE-2020-1749

CWE-319Cleartext Transmission10 documents8 sources
Severity
7.5HIGH
EPSS
0.2%
top 63.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux Kernel KernelRedhat Enterprise LinuxRedhat Enterprise MRG
Timeline
PublishedSep 9
Latest updateMay 24

Description

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5linux_kernel/kernel5.5
Debianlinux< 5.4.6-1+3

Also affects: Enterprise Linux 7.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-pw98-cq7c-645p: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv62022-05-24
OSV
CVE-2020-1749: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv62020-09-09
CVEList
CVE-2020-1749: A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv62020-09-09

📋Vendor Advisories

5
Ubuntu
Linux kernel vulnerabilities2020-06-11
Ubuntu
Linux kernel vulnerabilities2020-06-11
Ubuntu
Linux kernel vulnerabilities2020-06-09
Red Hat
kernel: some ipv6 protocols not encrypted over ipsec tunnel2020-03-04
Debian
CVE-2020-1749: linux - A flaw was found in the Linux kernel's implementation of some networking protoco...2020

💬Community

1
Bugzilla
CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel2020-03-04