Main Vulnerability Database Exploits ID:3587 - Exploit for Insufficient verification of data authenticity in CNI Plugins - CVE-2020-10749

ID:3587 - Exploit for Insufficient verification of data authenticity in CNI Plugins - CVE-2020-10749

Published: July 24, 2020

Vulnerability identifier: #VU31794

Vulnerability risk: Low

CVE-ID: CVE-2020-10749

CWE-ID: CWE-345

Exploitation vector: Remote access

Vulnerable software:
CNI Plugins

Link to public exploit:

https://github.com/knqyf263/CVE-2020-10749

Vulnerability description

The vulnerability allows a remote attacker to perform a man-in-the-Middle attack.

The vulnerability exists due to insufficient verification of data authenticity in CNI plugins when processing IPV6 router advertisements. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Remediation

Install updates from vendor's website.

ID:3587 - Exploit for Insufficient verification of data authenticity in CNI Plugins - CVE-2020-10749

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human