CVE-2020-15590 - Vulnerability Details

Vendors	Products
Privateinternetaccess	Private Internet Access Vpn Client

Link	Providers
https://github.com/sickcodes
https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md
https://sick.codes/cve-2020-15590/

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a \u201csplit tunnel\u201d OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-14T21:11:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/sickcodes"}, {"tags": ["x_refsource_MISC"], "url": "https://sick.codes/cve-2020-15590/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-15590", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a \u201csplit tunnel\u201d OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sickcodes", "refsource": "MISC", "url": "https://github.com/sickcodes"}, {"name": "https://sick.codes/cve-2020-15590/", "refsource": "MISC", "url": "https://sick.codes/cve-2020-15590/"}, {"name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md", "refsource": "MISC", "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:29.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sickcodes"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sick.codes/cve-2020-15590/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-15590", "datePublished": "2020-09-14T21:11:35", "dateReserved": "2020-07-07T00:00:00", "dateUpdated": "2024-08-04T13:22:29.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:privateinternetaccess:private_internet_access_vpn_client:*:*:*:*:*:linux:*:*", "matchCriteriaId": "EF164CA0-C1B5-4D63-808C-F8840290ED6E", "versionEndExcluding": "2.4.0", "versionStartIncluding": "1.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a \u201csplit tunnel\u201d OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically."}, {"lang": "es", "value": "Una vulnerabilidad en el Private Internet Access (PIA) VPN Client para Linux versiones 1.5 hasta 2.3+, permite a atacantes remotos omitir un mecanismo de desconexi\u00f3n autom\u00e1tica de VPN previsto y leer informaci\u00f3n confidencial por medio de la interceptaci\u00f3n del tr\u00e1fico de red. A partir de la versi\u00f3n 1.5, PIA ha admitido una opci\u00f3n de omisi\u00f3n de OpenVPN \u201csplit tunnel\u201d. El firewall PIA killswitch & associated iptables asociado est\u00e1 dise\u00f1ado para protegerle mientras utiliza Internet. Cuando el switch de interrupci\u00f3n est\u00e1 configurado para bloquear todo el tr\u00e1fico de red entrante y saliente, las aplicaciones privilegiadas pueden continuar enviando y recibiendo tr\u00e1fico de red si net.ipv4.ip_forward ha sido habilitado en los par\u00e1metros del kernel del sistema. Por ejemplo, un contenedor Docker que se ejecuta en un host con la VPN apagada y el switch de interrupci\u00f3n encendido puede continuar usando Internet, filtrando la IP del host (CWE 200). En PIA versiones 2.4.0+, El enrutamiento basado en pol\u00edticas est\u00e1 habilitado por defecto y es usado para dirigir todos los paquetes reenviados hacia la interfaz VPN autom\u00e1ticamente"}], "id": "CVE-2020-15590", "lastModified": "2024-11-21T05:05:48.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-09-14T22:15:11.503", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://github.com/sickcodes"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://sick.codes/cve-2020-15590/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://github.com/sickcodes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://sick.codes/cve-2020-15590/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object