CVE-2020-13597 Vulnerability Details

  /     /     /  

CVE-2020-13597 Metadata Quick Info

CVE Published: 03/06/2020 | CVE Updated: 16/09/2024 | CVE Year: 2020
Source: Tigera | Vendor: Tigera Inc | Product: Calico
Status : PUBLISHED

---

CVE-2020-13597 Description

Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod.

Metrics

CVSS Version: 3.1 | Base Score: 6 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-201
CWE Name: CWE-201 Information Exposure Through Sent Data
Source: Tigera Inc

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).