CVE-2020-1749
published 2020-09-09


Priority: P3 39
high 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.23% (65.2th percentile)

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel does not correctly route tunneled data over the encrypted link and instead sends the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Affected

10 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.4.6-1 (bookworm) | linux 5.4.6-1 (bookworm) |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 5.4.6-1 | 5.4.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-184.214 | 4.4.0-184.214 |
| linux | linux_kernel | >= 0 < 4.15.0-106.107 | 4.15.0-106.107 |
| linux_kernel | kernel | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_mrg | | |

CVSS provenance

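| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 6.5 | MEDIUM | |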