CVE-2020-36516

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-36516
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

4.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:P

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://dl.acm.org/doi/10.1145/3372297.3417884 Technical Description Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0003/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2022-02-26 04:15

Updated : 2023-11-09 14:44

NVD link : CVE-2020-36516

Mitre link : CVE-2020-36516

CVE.ORG link : CVE-2020-36516

JSON object : View

Products Affected

netapp

  • h500e_firmware
  • h300e
  • h410s
  • hci_compute_node
  • e-series_santricity_os_controller
  • h610s
  • h700e
  • h615c_firmware
  • h410c
  • h700s_firmware
  • h700e_firmware
  • solidfire\,_enterprise_sds_\&_hci_storage_node
  • h610c
  • h610c_firmware
  • h300s_firmware
  • bootstrap_os
  • h500s
  • h300s
  • h700s
  • h610s_firmware
  • h300e_firmware
  • h500e
  • h410c_firmware
  • h410s_firmware
  • h615c
  • h500s_firmware
  • solidfire_\&_hci_management_node
  • cloud_volumes_ontap_mediator

linux

  • linux_kernel
CWE
CWE-327

Use of a Broken or Risky Cryptographic Algorithm