TLS SNI Hostname Validation Flaw in Osquery by Facebook
CVE-2020-1887

9.1CRITICAL

Key Information:

Vendor: Facebook
Status: Osquery
Vendor: CVE Published:; 13 March 2020

What is CVE-2020-1887?

A security flaw exists in Osquery, a tool developed by Facebook, where incorrect validation of the Transport Layer Security (TLS) Server Name Indication (SNI) hostname has been identified. This imperfection allows potential attackers to execute Man-in-the-Middle (MITM) attacks, intercepting and tampering with osquery traffic, particularly in environments lacking a properly configured root chain of trust. Users of Osquery versions later than 2.9.0 and earlier than 4.2.0 are urged to be aware of this vulnerability and to configure their systems accordingly.

Affected Version(s)

Osquery 4.2.0

Osquery next of 2.9.0

Osquery 2.9.0

References

https://github.com/osquery/osquery/pull/6197

x_refsource_CONFIRM

https://www.facebook.com/security/advisories/cve-2020-1887

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 13, 2020
Vulnerability Reserved
Dec 2, 2019