Vulnerability Name: CVE-2020-17516 (CCN-196036)

Assigned: 2020-08-12
Published: 2021-02-01
Updated: 2021-09-16
Summary: Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using the 'dc' or 'rack' internode_encryption setting, allow both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass the mutual TLS requirement.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): None
  Availability (A): None

9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): None

CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): None

Vulnerability Type: CWE-290
Vulnerability Consequences: Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2020-17516

Source: CONFIRM
Type: Mailing List, Vendor Advisory
http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e

Source: CCN
Type: Apache Web site
Apache Cassandra

Source: XF
Type: UNKNOWN
apache-cve202017516-sec-bypass(196036)

Source: MLIST
Type: Mailing List, Third Party Advisory
[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch

Source: MLIST
Type: Mailing List, Third Party Advisory
[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch

Source: MLIST
Type: Mailing List, Vendor Advisory
[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch

Source: CCN
Type: oss-sec Mailing List, Mon, 1 Feb 2021 23:49:20 +0000
[CVE-2020-17516] Apache Cassandra internode encryption enforcement vulnerability

Source: CONFIRM
Type: Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20210521-0002/

Source: CCN
Type: IBM Security Bulletin 6440475 (Network Performance Insight)
IBM Network Performance Insight 1.3.1 was affected by CVE-2020-17516 in Apache Cassandra.

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:apache:cassandra:*:*:*:*:*:*:*:* (Version >= 2.1.0 and <= 2.1.22)
  • OR cpe:/a:apache:cassandra:*:*:*:*:*:*:*:* (Version >= 2.2.0 and <= 2.2.19)
  • OR cpe:/a:apache:cassandra:*:*:*:*:*:*:*:* (Version >= 3.0.0 and <= 3.0.23)
  • OR cpe:/a:apache:cassandra:*:*:*:*:*:*:*:* (Version >= 3.11.0 and <= 3.11.9)

Configuration CCN 1:
  • cpe:/a:apache:cassandra:2.1.22:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cassandra:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cassandra:3.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cassandra:3.11.9:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:84184 | P | Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema (Moderate) | 2021-07-28 |
| oval:org.opensuse.security:def:84643 | P | Security update for ardana-cobbler, cassandra, cassandra-kit, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-heat-templates, openstack-monasca-installer, openstack-nova, python-Django, python-elementpath, python-eventlet, python-py, python-pysaml2, python-six, python-xmlschema (Moderate) | 2021-07-28 |
| oval:org.opensuse.security:def:88141 | P | Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate) | 2021-06-11 |
| oval:org.opensuse.security:def:88454 | P | Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone (Moderate) | 2021-06-11 |