CVE-2020-13946

cassandra: allows manipulation of the RMI registry to perform a MITM attack and capture user names and passwords used to access the JMX interface

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.

En Apache Cassandra, todas las versiones anteriores a 2.1.22, 2.2.18, 3.0.22, 3.11.8 y 4.0-beta2, es posible a un atacante local sin acceso al proceso de Apache Cassandra o archivos de configuración manipular el registro RMI para llevar a cabo un ataque de tipo man-in-the-middle y capturar los nombres de usuario y las contraseñas usadas para acceder a la interfaz JMX. El atacante puede usar estas credenciales para acceder a la interfaz JMX y llevar a cabo operaciones no autorizadas. Los usuarios también deben conocer de CVE-2019-2684, una vulnerabilidad de JRE que permite explotar este problema remotamente

A flaw was found in cassandra in versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2. A local attacker without access to the Apache Cassandra process or configuration files can manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. A JRE vulnerability (CVE-2019-2684) enables this issue to be exploited remotely. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-08 CVE Reserved
2020-09-01 CVE Published
2023-07-11 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-668: Exposure of Resource to Wrong Sphere

CAPEC

References (7)

URL	Tag	Source
https://lists.apache.org/thread.html/r1fd117082b992e7d43c1286e966c285f98aa362e685695d999ff42f7%40%3Cuser.cassandra.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r718e01f61b35409a4f7a3ccbc1cb5136a1558a9f9c2cb8d4ca9be1ce%40%3Cuser.cassandra.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rab8d90d28f944d84e4d7852f355a25c89451ae02c2decc4d355a9cfc%40%3Cuser.cassandra.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20210521-0005	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://lists.apache.org/thread.html/rcd7544b24d8fc32b7950ec4c117052410b661babaa857fb1fc641152%40%3Cuser.cassandra.apache.org%3E	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-13946	2021-03-11
https://bugzilla.redhat.com/show_bug.cgi?id=1875830	2021-03-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				< 2.1.22 Search vendor "Apache" for product "Cassandra" and version " < 2.1.22"		-		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				>= 2.2.0 < 2.2.18 Search vendor "Apache" for product "Cassandra" and version " >= 2.2.0 < 2.2.18"		-		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				>= 3.0.0 < 3.0.22 Search vendor "Apache" for product "Cassandra" and version " >= 3.0.0 < 3.0.22"		-		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				>= 3.11.0 < 3.11.8 Search vendor "Apache" for product "Cassandra" and version " >= 3.11.0 < 3.11.8"		-		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				4.0.0 Search vendor "Apache" for product "Cassandra" and version "4.0.0"		alpha1		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				4.0.0 Search vendor "Apache" for product "Cassandra" and version "4.0.0"		alpha2		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				4.0.0 Search vendor "Apache" for product "Cassandra" and version "4.0.0"		alpha3		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				4.0.0 Search vendor "Apache" for product "Cassandra" and version "4.0.0"		alpha4		Affected
Apache Search vendor "Apache"		Cassandra Search vendor "Apache" for product "Cassandra"				4.0.0 Search vendor "Apache" for product "Cassandra" and version "4.0.0"		beta1		Affected
Netapp Search vendor "Netapp"		Oncommand Insight Search vendor "Netapp" for product "Oncommand Insight"				-		-		Affected