CVE-2020-1749

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749

https://security.netapp.com/advisory/ntap-20201222-0001/

Details

Source: MITRE

Published: 2020-09-09

Updated: 2020-12-22

Type: CWE-319

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
149716SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1623-1)NessusSuSE Local Security Checks
high
149633SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1617-1)NessusSuSE Local Security Checks
high
148386SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1074-1)NessusSuSE Local Security Checks
high
147875SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0835-1)NessusSuSE Local Security Checks
high
146282openSUSE Security Update : RT kernel (openSUSE-2021-242)NessusSuSE Local Security Checks
high
146055RHEL 7 : kernel-alt (RHSA-2021:0354)NessusRed Hat Local Security Checks
high
145850CentOS 8 : kernel (CESA-2020:1769)NessusCentOS Local Security Checks
critical
143840SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2623-1)NessusSuSE Local Security Checks
high
143784SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3014-1)NessusSuSE Local Security Checks
high
143772SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3219-1)NessusSuSE Local Security Checks
high
143767SUSE SLES15 Security Update : kernel (SUSE-SU-2020:2610-1)NessusSuSE Local Security Checks
high
143692SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3648-1)NessusSuSE Local Security Checks
high
143666SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3656-1)NessusSuSE Local Security Checks
high
141727Scientific Linux Security Update : kernel on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141619CentOS 7 : kernel (CESA-2020:4060)NessusCentOS Local Security Checks
high
141374OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)NessusOracleVM Local Security Checks
critical
141207Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)NessusOracle Linux Local Security Checks
critical
141057RHEL 7 : kernel (RHSA-2020:4060)NessusRed Hat Local Security Checks
high
141026RHEL 7 : kernel-rt (RHSA-2020:4062)NessusRed Hat Local Security Checks
high
140475SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2575-1)NessusSuSE Local Security Checks
high
140449SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2574-1)NessusSuSE Local Security Checks
high
140385SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2540-1) (Spectre)NessusSuSE Local Security Checks
high
140384SUSE SLES12 Security Update : kernel (SUSE-SU-2020:2502-1)NessusSuSE Local Security Checks
critical
140365openSUSE Security Update : the Linux Kernel (openSUSE-2020-1325) (Spectre)NessusSuSE Local Security Checks
high
138766NewStart CGSL MAIN 6.01 : kernel Multiple Vulnerabilities (NS-SA-2020-0030)NessusNewStart CGSL Local Security Checks
critical
138304SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1779-1)NessusSuSE Local Security Checks
high
137805EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1698)NessusHuawei Local Security Checks
medium
137547SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1486-1)NessusSuSE Local Security Checks
high
137391Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-163-01)NessusSlackware Local Security Checks
medium
137301Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4391-1)NessusUbuntu Local Security Checks
medium
137300Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4390-1)NessusUbuntu Local Security Checks
medium
137298Ubuntu 18.04 LTS : linux-gke-5.0, linux-oem-osp1 vulnerabilities (USN-4388-1)NessusUbuntu Local Security Checks
medium
137283Debian DLA-2241-2 : linux security updateNessusDebian Local Security Checks
medium
137100Amazon Linux AMI : kernel (ALAS-2020-1377)NessusAmazon Linux Local Security Checks
medium
137088Amazon Linux 2 : kernel (ALAS-2020-1431)NessusAmazon Linux Local Security Checks
medium
136239EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1536)NessusHuawei Local Security Checks
critical
136116RHEL 8 : kernel-rt (RHSA-2020:1567)NessusRed Hat Local Security Checks
critical
136115RHEL 8 : kernel (RHSA-2020:1769)NessusRed Hat Local Security Checks
critical
135741EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1508)NessusHuawei Local Security Checks
medium
135224SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0868-1)NessusSuSE Local Security Checks
high