CVE-2020-1759 vulnerability in Red Hat and Other Products
Published on April 13, 2020
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Vulnerability Analysis
Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE
Weakness Type
Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
Products Associated with CVE-2020-1759
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-1759 are published in these products:
Affected Versions
The Ceph Project ceph:- Version Red Hat Ceph Storage 4 is affected.
- Version Red Hat Openshift Container Storage 4.2 is affected.
Exploit Probability
EPSS
0.41%
Percentile
61.03%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.