SUSE update for cni-plugins



Published: 2022-11-21
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2020-10749, CVE-2021-20206
CWE-ID: CWE-345, CWE-424
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software
SUSE Linux Enterprise Module for Public Cloud
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system

SUSE Linux Enterprise Server
Operating systems & Components / Operating system

cni-plugins
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Insufficient verification of data authenticity

EUVDB-ID: #VU31794

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-10749

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle attack.

The vulnerability exists due to insufficient verification of data authenticity in CNI plugins when processing IPv6 router advertisements. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, redirecting traffic to the malicious container.

Mitigation

Update the affected package cni-plugins to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP4

SUSE Linux Enterprise Server for SAP Applications: 15

SUSE Linux Enterprise High Performance Computing: 15

SUSE Linux Enterprise Server: 15-SP2

cni-plugins: before 0.8.6-150000.1.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20224151-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Improper Protection of Alternate Path

EUVDB-ID: #VU55590

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-20206

CWE-ID: CWE-424 - Improper Protection of Alternate Path

Exploit availability: No

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to improper input validation. When specifying the plugin to load in the 'type' field of the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows a remote user to execute existing binaries other than the CNI plugins/types, such as 'reboot'.
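
An added example, not code from this bulletin or from the CNI project: a Go check that audits a network configuration and flags every 'type' value that is not a bare plugin name, which is the kind of value the description above refers to. The allowlist pattern, the names `UnsafeTypes` and `netConf`, and the sample configuration are assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Example policy (assumption): "type" is a bare file name, no separators, no leading dot.
var safeType = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9_.-]*$`)

// netConf covers a single-plugin .conf and a .conflist with a "plugins" array.
type netConf struct {
	Type    string    `json:"type"`
	Plugins []netConf `json:"plugins"`
}

// Constructed sample: the second entry points outside the plugin directory.
const sampleConflist = `{
  "cniVersion": "0.4.0",
  "plugins": [
    {"type": "bridge"},
    {"type": "../../sbin/reboot"}
  ]
}`

// UnsafeTypes returns every "type" value that is not a bare plugin name.
func UnsafeTypes(raw []byte) ([]string, error) {
	var c netConf
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse network configuration: %w", err)
	}
	entries := c.Plugins
	if len(entries) == 0 {
		entries = []netConf{c} // plain .conf: the type is at the top level
	}
	var bad []string
	for _, e := range entries {
		if !safeType.MatchString(e.Type) { // an empty or missing type is flagged too
			bad = append(bad, e.Type)
		}
	}
	return bad, nil
}

func main() {
	bad, err := UnsafeTypes([]byte(sampleConflist))
	fmt.Println(bad, err)
}
```

A check like this can run in CI or admission tooling over configuration files before they reach a node; it complements the package update and does not replace it.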

Mitigation

Update the affected package cni-plugins to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Module for Public Cloud: 15-SP4

SUSE Linux Enterprise Server for SAP Applications: 15

SUSE Linux Enterprise High Performance Computing: 15

SUSE Linux Enterprise Server: 15-SP2

cni-plugins: before 0.8.6-150000.1.7.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20224151-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


