Authentication bypass in Red Hat Ceph Storage 4



Published: 2020-12-04
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-25660
CWE-ID CWE-288
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
Red Hat Ceph Storage
Server applications / File servers (FTP/HTTP)

ceph (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Authentication bypass using an alternate path or channel

EUVDB-ID: #VU48684

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-25660

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform  replay attacks in Nautilus.

The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Ceph Storage: 4.0

ceph (Red Hat package): 14.2.8-111.el7cp - 14.2.8-111.el8cp

External links

http://access.redhat.com/errata/RHSA-2020:5325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###