CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
49.6%
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
[
{
"product": "Systemd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Canonical Ubuntu 20.04 LTS, Systemd 245"
}
]
}
]
www.openwall.com/lists/oss-security/2021/08/04/2
www.openwall.com/lists/oss-security/2021/08/17/3
www.openwall.com/lists/oss-security/2021/09/07/3
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
security.gentoo.org/glsa/202107-48
security.netapp.com/advisory/ntap-20210625-0005/
talosintelligence.com/vulnerability_reports/TALOS-2020-1142
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
49.6%