Rapid7 Vulnerability & Exploit Database

Red Hat OpenShift: CVE-2020-1749: kernel: some ipv6 protocols not encrypted over ipsec tunnel

Back to Search

Red Hat OpenShift: CVE-2020-1749: kernel: some ipv6 protocols not encrypted over ipsec tunnel

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
09/09/2020
Created
12/30/2020
Added
12/29/2020
Modified
02/03/2021

Description

A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.

Solution(s)

  • linuxrpm-upgrade-redhat-coreos

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;