How severe is CVE-2021-20288?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2021-20288?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2021-20288 - HIGH Severity | CVSS 7.2

Vulnerability Description

An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related Vulnerabilities

CVE-2016-10831

HIGH

CVSS:7.2(High)

cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).

CWE-2872016

CVE-2017-14602

HIGH

CVSS:7.2(High)

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e ...

CWE-2872017

CVE-2017-15519

HIGH

CVSS:7.2(High)

Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote attackers to view and modify backup related data via the Plug-in for NAS File Services. All users are urged to move to version 3.0...

CWE-2872017

CVE-2018-0116

HIGH

CVSS:7.2(High)

A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to be authorized as a subscriber without providing a valid password; however, ...

CWE-2872018

CVE-2018-7067

HIGH

CVSS:7.2(High)

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the ent...

CWE-2872018

CVE-2019-14705

HIGH

CVSS:7.2(High)

An Incorrect Access Control issue was discovered on MicroDigital N-series cameras with firmware through 6400.0.8.5 because any valid cookie can be used to make requests as an admin.

CWE-2872019