How severe is CVE-2020-25660?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-25660?

This is classified as CWE-294, which is a common weakness in software security.

CVE-2020-25660 - HIGH Severity | CVSS 8.8

Vulnerability Description

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Related Vulnerabilities

CVE-2017-11786

HIGH

CVSS:8.8(High)

Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authent...

CWE-2942017

CVE-2017-6823

HIGH

CVSS:8.8(High)

Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.

CWE-2942017

CVE-2018-19023

HIGH

CVSS:8.8(High)

Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or kee...

CWE-2942018

CVE-2020-10045

HIGH

CVSS:8.8(High)

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker ...

CWE-2942020

CVE-2020-15688

HIGH

CVSS:8.8(High)

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via ca...

CWE-2942020

CVE-2021-31958

HIGH

CVSS:8.8(High)

Windows NTLM Elevation of Privilege Vulnerability

CWE-2942021