CVE-2020-10749

Published: 03/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 6 | Impact Score: 3.7 | Exploitability Score: 1.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6 that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, redirecting traffic to the malicious container.

Vulnerable Product

linuxfoundation cni network plugins

redhat enterprise linux 7.0

redhat enterprise linux 8.0

fedoraproject fedora 32

redhat openshift container platform 4.0

Vendor Advisories

Synopsis: Moderate: container-tools:rhel8 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Mode ...
Synopsis: Moderate: OpenShift Container Platform 448 containernetworking-plugins security update. Type/Severity: Security Advisory: Moderate. Topic: An update for containernetworking-plugins is now available for Red Hat OpenShift Container Platform 44. Red Hat Product Security has rated this update as having a ...
Synopsis: Moderate: containernetworking-plugins security update. Type/Severity: Security Advisory: Moderate. Topic: An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vul ...
Synopsis: Important: Container-native Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis: Moderate: OpenShift Container Platform 4236 containernetworking-plugins security update. Type/Severity: Security Advisory: Moderate. Topic: An update for containernetworking-plugins is now available for Red Hat OpenShift Container Platform 42. Red Hat Product Security has rated this update as having ...
Synopsis: Moderate: OpenShift Container Platform 4325 containernetworking-plugins security update. Type/Severity: Security Advisory: Moderate. Topic: An update for containernetworking-plugins is now available for Red Hat OpenShift Container Platform 43. Red Hat Product Security has rated this update as having ...

Github Repositories

CVE-2020-10749 PoC (Kubernetes MitM attacks via IPv6 rogue router advertisements)

CVE-2020-10749 PoC (Kubernetes MitM attacks via IPv6 rogue router advertisements). For educational purposes only.