What is CVE-2020-15590?

CVE-2020-15590 is a High severity Linux kernel vulnerability with a CVSS score of 7.5 out of 10. CVE-2020-15590 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2020-15590?

CVE-2020-15590 has a CVSS score of 7.5 out of 10, rated High severity. The vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Is there a patch available for CVE-2020-15590?

No patch is currently available for CVE-2020-15590. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2020-15590 actively exploited?

CVE-2020-15590 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2020-15590

High

A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically.

Package Linux Kernel

Published 2020-09-14

Last modified 2024-11-21

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

7.5

out of 10

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness type

CWE-863

CVE-2020-15590 is classified as CWE-863

See CWE-863 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2020-15590 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

GitHub
https://github.com/sickcodes

Not Applicable
GitHub
https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-001.md

Exploit Mitigation Third Party Advisory
Sick
https://sick.codes/cve-2020-15590/

Exploit Mitigation Third Party Advisory

Details

CVE ID CVE-2020-15590

Severity High

CVSS score 7.5 / 10

CVSS version 3.1

Published 2020-09-14

Modified 2024-11-21

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2020-15590?

CVE-2020-15590 is a High severity Linux kernel vulnerability with a CVSS score of 7.5 out of 10 . CVE-2020-15590 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2020-15590?

CVE-2020-15590 has a CVSS score of 7.5 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Is there a patch available for CVE-2020-15590?

No patch is currently available for CVE-2020-15590. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2020-15590 actively exploited?

No — CVE-2020-15590 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.