Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.0
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2021-3121 CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 CVE-2020-14351 CVE-2020-15436 CVE-2020-25705 CVE-2020-29661 CVE-2020-35513 CVE-2021-20230 |
| CWE-ID | CWE-129 CWE-190 CWE-119 CWE-416 CWE-330 CWE-667 CWE-269 CWE-295 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software |
Red Hat Advanced Cluster Management for Kubernetes Server applications / Other server solutions |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper Validation of Array Index
EUVDB-ID: #VU52902
Risk: High
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-3121
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper validation of index array in plugin/unmarshal/unmarshal.go. A remote attacker can pass specially crafted data to the application and bypass implemented security restrictions, possibly leading to remote code execution.
Install updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU29014
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-10543
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in nested regular expression quantifiers. A remote attacker can pass specially crafted data to the application, trigger integer overflow, leading to heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Integer overflow
EUVDB-ID: #VU29015
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-10878
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A remote attacker can use a specially crafted regular expression, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU29016
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-12723
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) áttack.
The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls. A remote attacker can use a specially crafted regular expression , trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU51544
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-14351
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU51897
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-15436
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/block_dev.c in the Linux kernel. A local user can run a specially crafted program to escalate privileges on the system.
Install updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use of insufficiently random values
EUVDB-ID: #VU49150
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2020-25705
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
MitigationInstall updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Improper locking
EUVDB-ID: #VU51543
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2020-29661
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a escalate privileges on the system.
The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Improper Privilege Management
EUVDB-ID: #VU69431
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-35513
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper privilege management in the Linux kernel NFS (network file system) functionality in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A local user can trigger the vulnerability to starve the resources and perform a denial of service attack.
MitigationInstall updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Certificate Validation
EUVDB-ID: #VU50843
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-20230
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper client certificate validation, when redirect and verifyChain options are used. A remote attacker can bypass implemented security restrictions with a any valid certificated and gain access to sensitive information.
Install updates from vendor's website.
Red Hat Advanced Cluster Management for Kubernetes: before 2.0.8
CPE2.3 External linkshttps://access.redhat.com/errata/RHSA-2021:0719
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
