Skip to main content

Ceph CVE-2020-25660

HIGH
Authentication Bypass by Capture-replay (CWE-294)
2020-11-23 secalert@redhat.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 23, 2020 - 22:15 nvd
HIGH 8.8

DescriptionNVD

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

AnalysisAI

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-294. A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. Affected products include: Redhat Ceph, Redhat Ceph Storage, Redhat Openshift Container Platform, Fedoraproject Fedora. Version information: before 15.2.6.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Ceph

View all
CVE-2016-7031 HIGH POC
7.5 Oct 03

The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list

CVE-2022-0670 CRITICAL
9.1 Jul 25

A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manil

CVE-2018-10861 HIGH
8.1 Jul 10

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remote

CVE-2020-10736 HIGH
8.0 Jun 22

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr d

CVE-2020-12059 HIGH
7.5 Apr 22

An issue was discovered in Ceph through 13.2.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitab

CVE-2020-1699 HIGH
7.5 Apr 21

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph

CVE-2019-10222 HIGH
7.5 Nov 08

A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. Rated high severity

CVE-2018-1128 HIGH
7.5 Jul 10

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attac

CVE-2018-7262 HIGH
7.5 Mar 19

In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc RGWCivetWeb::init_env function in radosgw doesn't han

CVE-2021-20288 HIGH
7.2 Apr 15

An authentication flaw was found in ceph in versions before 14.2.20. Rated high severity (CVSS 7.2), this vulnerability

CVE-2020-27781 HIGH
7.1 Dec 18

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential pr

CVE-2020-1759 MEDIUM
6.8 Apr 13

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vul

Share

CVE-2020-25660 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy