CVE-2020-17049

Advisory lineage Upstream: 0 Downstream: 7

Downstream

OPENSUSE-SU-2024:11631-1 RHSA-2023:2570 RHSA-2024:0137 RHSA-2024:0139 RHSA-2024:0143 RHSA-2024:0252

Modified

Published: 11 Nov 2020, 00:00

Last modified:15 Nov 2024, 16:12

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9 HIGH

v2.0 (nvd)

EPSS Score

25.55% HIGH

26% probability -1.15%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Nov 2020, 00:00

Published

Vulnerability first disclosed

15 Nov 2024, 16:12

Last Modified

Vulnerability information updated

Description

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.

CVSS Metrics

v3.1•MEDIUM•Score: 6.6CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
v3.1•MEDIUM•Score: 6.6CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 9AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 25.55%• Percentile: 96%

Techniques & Countermeasures

CWE-863•Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Affected Systems

microsoft•windows server 2008 service pack 2
≥ 6.0.0, < 6.0.6003.21167
microsoft•windows server 2008 r2 service pack 1
≥ 6.1.0, < 6.1.7601.25661
microsoft•windows server 2008 r2 service pack 1 (server core installation)
≥ 6.0.0, < 6.1.7601.25661
microsoft•windows server 2008 service pack 2
≥ 6.0.0, < 6.0.6003.21167
microsoft•windows server 2008 service pack 2 (server core installation)
≥ 6.0.0, < 6.0.6003.21167
microsoft•windows server 2012
r2 | ≥ 6.2.0, < 6.2.9200.23409
microsoft•windows server 2012 r2
≥ 6.3.0, < 6.3.9600.20069
microsoft•windows server 2012 r2 (server core installation)
≥ 6.3.0, < 6.3.9600.20069
microsoft•windows server 2012 (server core installation)
≥ 6.2.0, < 6.2.9200.23409
microsoft•windows server 2016
na | 20h2 | 1903 | 1909 | 2004 | ≥ 10.0.0, < 10.0.14393.4530
microsoft•windows server 2016 (server core installation)
≥ 10.0.0, < 10.0.14393.4530
microsoft•windows server 2019
na | ≥ 10.0.0, < 10.0.17763.2061
microsoft•windows server 2019 (server core installation)
≥ 10.0.0, < 10.0.17763.2061
microsoft•windows server, version 1903 (server core installation)
≥ 10.0.0, < publication
microsoft•windows server, version 1909 (server core installation)
≥ 10.0.0, < publication
microsoft•windows server version 2004
≥ 10.0.0, < 10.0.19041.1110
microsoft•windows server version 20h2
≥ 10.0.0, < 10.0.19041.1110
samba•samba
≥ 4.1.0, < 4.13.13 | ≥ 4.14.0, < 4.14.9 | ≥ 4.15.0, < 4.15.1