#VU48684 Authentication bypass using an alternate path or channel in Ceph - CVE-2020-25660

Cybersecurity Help s.r.o.

Published: 2020-11-23 | Updated: 2020-11-27

Vulnerability identifier: #VU48684

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-25660

CWE-ID: CWE-288

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Ceph
Server applications / Other server solutions

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists with in the implementation of the Cephx authentication protocol. A remote attacker with access to the Ceph cluster network can intercept authentication packets and perform replay attacks in Nautilus.

The vulnerability affects msgr2 protocol only and is basically a reintroduction of previously patched vulnerability #VU14542.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Ceph: 14.0.0 - 15.2.5

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1890354
https://ceph.io/community/v15-2-6-octopus-released/
https://ceph.io/releases/v14-2-14-nautilus-released/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for Ceph

Ubuntu update for ceph

Multiple vulnerabilities in Red Hat OpenShift Container Storage

Authentication bypass using an alternate path or channel in ceph (Alpine package)

Authentication bypass in Red Hat Ceph Storage 4

Arch Linux update for ceph

Authentication bypass in Ceph