CVSS3: 4.8 Medium
- Attack Vector: ADJACENT_NETWORK
- Attack Complexity: HIGH
- Privileges Required: LOW
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality Impact: HIGH
- Integrity Impact: NONE
- Availability Impact: NONE
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS2: 2.3 Low
- Access Vector: ADJACENT_NETWORK
- Access Complexity: MEDIUM
- Authentication: SINGLE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE
AV:A/AC:M/Au:S/C:P/I:N/A:N
EPSS: 0.0004 Low
- Percentile: 13.5%
A flaw has been discovered in which an attacker can infer SSH keystrokes after a victim connects to a compromised host. The attacker must compromise a server that the victim is connecting to and be able to groom the CPU cache on the system prior to or while a connection is in progress. The attack uses RDMA to groom the cache, then measures the response time of cache accesses to improve the statistical likelihood of an educated guess at the keystroke input. This flaw has been branded “NetCat”.
This particular attack requires the compromised server to use RDMA and an Intel Xeon CPU. The Intel Xeon CPU family has a specific feature (DDIO) that allows RDMA to use the CPU's internal cache to improve RDMA performance. The client connecting to the compromised server does not need to use RDMA or DDIO.
- This attack is similar to connecting to any other compromised/untrusted host; any untrusted system could already log SSH input.
- RDMA is designed to not require operating system interaction; its interactions are between the network card and system hardware. If this functionality is compromised, the operating system is unable to effect changes here.
While this attack vector does seem unlikely, Red Hat recommends following Intel's instructions. Connecting to a compromised host is not recommended. Red Hat products can 'run' on the affected system but the system design is not something that is solvable in Red Hat products.
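For inventory purposes, the two server-side preconditions named above (an Intel Xeon CPU and RDMA in use) can be checked on a Linux host. The script below is an added example, not code from Red Hat or Intel; the function names are hypothetical, and it assumes the CPU name is read from /proc/cpuinfo and that RDMA devices registered with the kernel appear under /sys/class/infiniband. It does not determine whether DDIO is enabled.

```shell
#!/bin/sh
# Added example: report whether a Linux host meets both server-side
# preconditions from the advisory (Intel Xeon CPU + RDMA device).
# Paths are parameters so the check also works on collected copies
# of /proc/cpuinfo and /sys from other hosts.

# has_xeon CPUINFO_FILE: succeeds if a "model name" line names an Intel Xeon.
has_xeon() {
    grep -qi '^model name.*Intel.*Xeon' "$1" 2>/dev/null
}

# rdma_devices SYSFS_ROOT: prints each registered RDMA device, one per line.
# Assumption: the RDMA driver is loaded; hardware without a loaded driver
# does not show up here.
rdma_devices() {
    for d in "$1"/class/infiniband/*; do
        if [ -e "$d" ]; then
            basename "$d"
        fi
    done
    return 0
}

# netcat_preconditions [CPUINFO_FILE] [SYSFS_ROOT]: prints one verdict line.
netcat_preconditions() {
    cpuinfo=${1:-/proc/cpuinfo}
    sysfs=${2:-/sys}
    devs=$(rdma_devices "$sysfs" | tr '\n' ' ')
    if has_xeon "$cpuinfo"; then xeon=yes; else xeon=no; fi
    if [ -n "$devs" ]; then rdma=yes; else rdma=no; fi
    if [ "$xeon" = yes ] && [ "$rdma" = yes ]; then
        # Both conditions hold: list the devices so they can be reviewed.
        echo "MATCH xeon=yes rdma=yes devices=${devs% }"
    else
        echo "NO-MATCH xeon=$xeon rdma=$rdma"
    fi
}

# Run against the local host (or against the paths given as arguments).
netcat_preconditions "$@"
```

A MATCH line only means the host fits the hardware profile described in the advisory; what to do about it is covered by Intel's guidance linked below.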
bugzilla.redhat.com/show_bug.cgi?id=1752738
nvd.nist.gov/vuln/detail/CVE-2019-11184
software.intel.com/security-software-guidance/insights/more-information-netcat
www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
www.cve.org/CVERecord?id=CVE-2019-11184
www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html
www.vusec.net/projects/netcat/