{"api_version":"1","generated_at":"2026-04-23T04:32:57+00:00","cve":"CVE-2020-1749","urls":{"html":"https://cve.report/CVE-2020-1749","api":"https://cve.report/api/cve/CVE-2020-1749.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-1749","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-1749"},"summary":{"title":"CVE-2020-1749","description":"A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-09-09 15:15:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["CWE-319"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20201222-0001/","name":"https://security.netapp.com/advisory/ntap-20201222-0001/","refsource":"CONFIRM","tags":[],"title":"CVE-2020-1749 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1809833 – (CVE-2020-1749) CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-1749","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1749","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"enterprise_mrg","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_mrg","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1749","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"enterprise_mrg","cpe6":"2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-1749","qid":"174806","title":"SUSE Enterprise Linux Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (SUSE-SU-2021:0835-1)"},{"cve":"CVE-2020-1749","qid":"174874","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (SUSE-SU-2021:1074-1)"},{"cve":"CVE-2020-1749","qid":"352300","title":"Amazon Linux Security Advisory for kernel: ALAC2012-2020-020"},{"cve":"CVE-2020-1749","qid":"352344","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2020-024"},{"cve":"CVE-2020-1749","qid":"352345","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2020-023"},{"cve":"CVE-2020-1749","qid":"352346","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2020-022"},{"cve":"CVE-2020-1749","qid":"352347","title":"Amazon Linux Security Advisory for kernel-livepatch: ALAS2LIVEPATCH-2020-021"},{"cve":"CVE-2020-1749","qid":"377065","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2020:0113)"},{"cve":"CVE-2020-1749","qid":"750014","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1623-1)"},{"cve":"CVE-2020-1749","qid":"750376","title":"OpenSUSE Security Update for RT kernel (openSUSE-SU-2021:0242-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-1749","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Linux Kernel","product":{"product_data":[{"product_name":"kernel","version":{"version_data":[{"version_value":"5.5"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-319"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1749","refsource":"CONFIRM"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20201222-0001/","url":"https://security.netapp.com/advisory/ntap-20201222-0001/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."}]},"impact":{"cvss":[[{"vectorString":"7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-09-09 15:15:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["CWE-319"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"1749","Ordinal":"160987","Title":"CVE-2020-1749","CVE":"CVE-2020-1749","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"1749","Ordinal":"1","NoteData":"A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"1749","Ordinal":"2","NoteData":"2020-09-09","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"1749","Ordinal":"3","NoteData":"2020-12-22","Type":"Other","Title":"Modified"}]}}}