#VU31794 Insufficient verification of data authenticity in CNI Plugins


Published: 2020-07-24

Vulnerability identifier: #VU31794

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-10749

CWE-ID: CWE-345

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
CNI Plugins
Server applications / Other server solutions

Vendor: CNI

Description

The vulnerability allows a remote attacker to perform a man-in-the-Middle attack.

The vulnerability exists due to insufficient verification of data authenticity in CNI plugins when processing IPV6 router advertisements. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

CNI Plugins: 0.1.0 - 0.8.5

External links
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749
http://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


SUSE update for cni-plugins
Red Hat Enterprise Linux 8 update for the container-tools:rhel8 module
OpenSUSE Linux update for cni-plugins
OpenSUSE Linux update for cni-plugins
MitM attack in CNI Plugins
Red Hat OpenShift Container Platform 4.2 update for containernetworking-plugins
Red Hat Enterprise Linux 7 Extras update for containernetworking-plugins
Red Hat OpenShift Container Platform 4.4 update for containernetworking-plugins
Red Hat OpenShift Container Platform 4.3 update for containernetworking-plugins