VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kan2-3fe2-aaan

Essentials
Severities (119)
References (36)
Severity details (28)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-kan2-3fe2-aaan
Aliases	CVE-2020-15157 GHSA-742w-89gc-8m9c
Summary	In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-522	Insufficiently Protected Credentials
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15157.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:5634
cvssv3	6.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json
epss	0.00303	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00303	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00303	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00303	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00436	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.00591	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
epss	0.02543	https://api.first.org/data/v1/epss?cve=CVE-2020-15157
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1888248
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
cvssv3.1	6.1	https://darkbit.io/blog/cve-2020-15157-containerdrip
generic_textual	MODERATE	https://darkbit.io/blog/cve-2020-15157-containerdrip
cvssv3.1	6.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://github.com/containerd/containerd
generic_textual	MODERATE	https://github.com/containerd/containerd
cvssv3.1	6.1	https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
generic_textual	MODERATE	https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
cvssv3.1	6.1	https://github.com/containerd/containerd/releases/tag/v1.2.14
generic_textual	MODERATE	https://github.com/containerd/containerd/releases/tag/v1.2.14
cvssv3.1	6.1	https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
generic_textual	MODERATE	https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
cvssv2	2.6	https://nvd.nist.gov/vuln/detail/CVE-2020-15157
cvssv3	6.1	https://nvd.nist.gov/vuln/detail/CVE-2020-15157
cvssv3.1	6.1	https://nvd.nist.gov/vuln/detail/CVE-2020-15157
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4589-1
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4589-2
cvssv3.1	6.1	https://usn.ubuntu.com/4589-1
generic_textual	MODERATE	https://usn.ubuntu.com/4589-1
cvssv3.1	6.1	https://usn.ubuntu.com/4589-2
generic_textual	MODERATE	https://usn.ubuntu.com/4589-2
cvssv3.1	6.5	https://www.debian.org/security/2021/dsa-4865
generic_textual	MODERATE	https://www.debian.org/security/2021/dsa-4865

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15157.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-15157
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
		https://darkbit.io/blog/cve-2020-15157-containerdrip
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/containerd/containerd
		https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
		https://github.com/containerd/containerd/releases/tag/v1.2.14
		https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
		https://ubuntu.com/security/notices/USN-4589-1
		https://ubuntu.com/security/notices/USN-4589-2
		https://usn.ubuntu.com/4589-1
		https://usn.ubuntu.com/4589-1/
		https://usn.ubuntu.com/4589-2
		https://usn.ubuntu.com/4589-2/
		https://www.debian.org/security/2021/dsa-4865
1888248		https://bugzilla.redhat.com/show_bug.cgi?id=1888248
cpe:2.3:a:linuxfoundation:containerd::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd::::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:-::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:beta0::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:beta0::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:beta1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:beta1::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:beta2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:beta2::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc0::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc0::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc1::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc2::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc2::::::
cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc3::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:containerd:1.3.0:rc3::::::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2020-15157		https://nvd.nist.gov/vuln/detail/CVE-2020-15157
RHSA-2020:5634		https://access.redhat.com/errata/RHSA-2020:5634

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://darkbit.io/blog/cve-2020-15157-containerdrip

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/containerd/containerd

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/releases/tag/v1.2.14

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15157

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15157

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15157

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://usn.ubuntu.com/4589-1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://usn.ubuntu.com/4589-2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://www.debian.org/security/2021/dsa-4865

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.69272
EPSS Score	0.00303
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.