Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-15025
HistoryJun 24, 2020 - 7:15 p.m.

CVE-2020-15025

2020-06-2419:15:10
CWE-401
[email protected]
web.nvd.nist.gov
201
2
cve
ntp
denial of service
memory consumption
remote attackers
cmac
algorithm

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

Affected configurations

NVD
Node
ntpntpRange4.3.974.3.101
OR
ntpntpMatch4.2.8p11
OR
ntpntpMatch4.2.8p12
OR
ntpntpMatch4.2.8p13
OR
ntpntpMatch4.2.8p14
Node
opensuseleapMatch15.1
OR
opensuseleapMatch15.2
Node
netappcloud_backupMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
Node
netapp8300_firmwareMatch-
AND
netapp8300Match-
Node
netapp8700_firmwareMatch-
AND
netapp8700Match-
Node
netappa400_firmwareMatch-
AND
netappa400Match-
Node
netapph410c_firmwareMatch-
AND
netapph410cMatch-
Node
netapph300s_firmwareMatch-
AND
netapph300sMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph300eMatch-
AND
netapph300e_firmwareMatch-
Node
netapph500eMatch-
AND
netapph500e_firmwareMatch-
Node
netapph700eMatch-
AND
netapph700e_firmwareMatch-
Node
netapph410sMatch-
AND
netapph410s_firmwareMatch-
Node
oraclezfs_storage_appliance_kitMatch8.8
CPENameOperatorVersion
ntp:ntpntplt4.3.101
ntp:ntpntpeq4.2.8

Social References

More

Related

veracode 1
ubuntu 1
osv 1
nessus 13
photon 5
ibm 4
cvelist 1
prion 1
openvas 11
redhatcve 1
ubuntucve 1
debiancve 1
nvd 1
mageia 1
aix 1
gentoo 1
suse 2
oracle 1
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:35:48
ubuntu
ubuntu
NTP vulnerability
2021-12-06 00:00:00
osv
osv
ntp vulnerability
2021-12-06 14:10:56
nessus
nessus
EulerOS 2.0 SP8 : ntp (EulerOS-SA-2020-2314)
2020-11-02 00:00:00
Photon OS 1.0: Ntp PHSA-2021-1.0-0374
2021-03-25 00:00:00
Ubuntu 20.04 ESM : NTP vulnerability (USN-5175-1)
2023-10-20 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0133
2020-08-29 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0374
2021-03-23 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0133
2020-08-29 00:00:00
ibm
ibm
Security Bulletin: IBM API Connect V5 is impacted by a denial of service (DoS) vulnerability in NTP (CVE-2020-15025)
2021-04-06 17:20:36
Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2020-11868, CVE-2020-13817, and CVE-2020-15025)
2020-10-26 22:55:30
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Network Time Protocol (NTP)
2023-12-07 22:45:07
cvelist
cvelist
CVE-2020-15025
2020-06-24 18:04:39
prion
prion
Design/Logic Flaw
2020-06-24 19:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2021-1567)
2021-03-05 00:00:00
NTP < 4.2.8p15 DoS Vulnerability
2021-06-21 00:00:00
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-2314)
2020-11-02 00:00:00
redhatcve
redhatcve
CVE-2020-15025
2020-06-29 19:16:53
ubuntucve
ubuntucve
CVE-2020-15025
2020-06-24 00:00:00
debiancve
debiancve
CVE-2020-15025
2020-06-24 19:15:10
nvd
nvd
CVE-2020-15025
2020-06-24 19:15:10
mageia
mageia
Updated ntp packages fix security vulnerability
2020-07-05 22:48:23
aix
aix
There are vulnerabilities in NTPv4 that affect AIX.
2020-10-26 15:14:11
gentoo
gentoo
NTP: Multiple vulnerabilities
2020-07-26 00:00:00
suse
suse
Security update for ntp (moderate)
2020-07-06 00:00:00
Security update for ntp (moderate)
2020-07-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.4%

JSON
Related for CVE-2020-15025
veracode1ubuntu1osv1nessus13photon5ibm4cvelist1prion1openvas11redhatcve1ubuntucve1debiancve1nvd1mageia1aix1gentoo1suse2oracle1