Описание
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
Отчет
This CVE is rated as Moderate because it requires an active Man-in-the-Middle (MITM) attacker who can intercept and modify the connection's traffic at the TCP/IP layer. While this can compromise the confidentiality and integrity of resources, the vulnerability is considered to be difficult to exploit under normal circumstances.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libnbd | Affected | ||
| Red Hat Enterprise Linux 8 Advanced Virtualization | virt:av/libnbd | Will not fix | ||
| Red Hat Enterprise Linux 8 | virt-devel | Fixed | RHSA-2024:6964 | 24.09.2024 |
| Red Hat Enterprise Linux 8 | virt | Fixed | RHSA-2024:6964 | 24.09.2024 |
| Red Hat Enterprise Linux 9 | libnbd | Fixed | RHSA-2024:6757 | 18.09.2024 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
A flaw was found in libnbd. The client did not always correctly verify ...
EPSS
7.4 High
CVSS3