CVE-2020-1759
moderate-risk
Published 2020-04-13
A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks.
Do I need to act?
-
0.41% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.4/10
Medium
ADJACENT_NETWORK
/ HIGH complexity
Affected Products (5)
Affected Vendors
References (6)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759
Third Party Advisory
https://security.gentoo.org/glsa/202105-39
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1759
Third Party Advisory
https://security.gentoo.org/glsa/202105-39
31
/ 100
moderate-risk
Severity
17/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
12/34 · Low