CVE-2020-17522 : When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Co

When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.

Published 2021-01-26 18:15:41

Updated 2022-04-01 15:43:06

Source Apache Software Foundation

View at NVD, CVE.org

Products affected by CVE-2020-17522

Apache » Traffic Control
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.1.0
cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*
Matching versions
Apache » Traffic Control
Versions from including (>=) 3.0.0 and up to, including, (<=) 3.1.0
cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-17522

EPSS FAQ

2.88%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-17522

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
5.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2020-17522

CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-17522

https://lists.apache.org/thread.html/r3de212a3da73bcf98fa2db7eafb75b2eb8e131ff466e6efc4284df09%40%3Cdev.trafficcontrol.apache.org%3E

CVE-2020-17522: Mid Tier Cache Manipulation Attack - Pony Mail
Mailing List;Vendor Advisory
https://lists.apache.org/thread.html/rc8bfd7d4f71d61e9193efcd4699eccbab3c202ec1d75ed9d502f08bf@%3Ccommits.trafficcontrol.apache.org%3E

[trafficcontrol-website] 01/02: Add CVE-2021-42009 - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E

[trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link - Pony Mail
Mailing List;Patch;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-17522

Products affected by CVE-2020-17522

Exploit prediction scoring system (EPSS) score for CVE-2020-17522

CVSS scores for CVE-2020-17522

CWE ids for CVE-2020-17522

References for CVE-2020-17522