Strix
26.1K

CVE-2020-13946

MEDIUMCVSS 5.9/10EPSS 2.95%

Last modified

CVE-2020-13946 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. EPSS estimates a 2.95% chance of exploitation in the next 30 days.

Description

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.

Metrics

CVSS 3.1
5.9/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
2.95%

85.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
ApacheCassandra< 2.1.22
ApacheCassandra>= 2.2.0, < 2.2.18
ApacheCassandra>= 3.0.0, < 3.0.22
ApacheCassandra>= 3.11.0, < 3.11.8
ApacheCassandra4.0.0Alpha1
NetappOncommand InsightAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-13946?
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely.
How severe is CVE-2020-13946?
CVE-2020-13946 has a CVSS score of 5.9/10 (MEDIUM severity). The EPSS model estimates a 2.95% probability of exploitation in the next 30 days.
How do I fix CVE-2020-13946?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-13946?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST