Lucene search

[email protected]NVD:CVE-2020-13817

HistoryJun 04, 2020 - 1:15 p.m.

CVE-2020-13817

2020-06-0413:15:11

CWE-330

[email protected]

web.nvd.nist.gov

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim’s ntpd instance.

Affected configurations

NVD

Node

ntpntpRange<4.2.8

ntpntpRange4.3.0–4.3.100

ntpntpMatch4.2.8-

ntpntpMatch4.2.8p1

ntpntpMatch4.2.8p1-beta1

ntpntpMatch4.2.8p1-beta2

ntpntpMatch4.2.8p1-beta3

ntpntpMatch4.2.8p1-beta4

ntpntpMatch4.2.8p1-beta5

ntpntpMatch4.2.8p1-rc1

ntpntpMatch4.2.8p1-rc2

ntpntpMatch4.2.8p10

ntpntpMatch4.2.8p11

ntpntpMatch4.2.8p12

ntpntpMatch4.2.8p13

ntpntpMatch4.2.8p2

ntpntpMatch4.2.8p2-rc1

ntpntpMatch4.2.8p2-rc2

ntpntpMatch4.2.8p2-rc3

ntpntpMatch4.2.8p3

ntpntpMatch4.2.8p3-rc1

ntpntpMatch4.2.8p3-rc2

ntpntpMatch4.2.8p3-rc3

ntpntpMatch4.2.8p4

ntpntpMatch4.2.8p5

ntpntpMatch4.2.8p6

ntpntpMatch4.2.8p7

ntpntpMatch4.2.8p8

ntpntpMatch4.2.8p9

Node

netappcloud_backupMatch-

netappclustered_data_ontapMatch-

netappdata_ontapMatch-7-mode

netappelement_softwareMatch-

netapphci_management_nodeMatch-

netappontap_toolsMatch-vmware_vsphere

netappsolidfireMatch-

netappsteelstore_cloud_integrated_storageMatch-

Node

netapphci_compute_nodeMatch-

AND

netapphci_compute_node_firmwareMatch-

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500eMatch-

AND

netapph500e_firmwareMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

opensuseleapMatch15.1

opensuseleapMatch15.2

Node

fujitsum10-1_firmwareRange<xcp2410

AND

fujitsum10-1Match-

Node

fujitsum10-4_firmwareRange<xcp2410

AND

fujitsum10-4Match-

Node

fujitsum10-4s_firmwareRange<xcp2410

AND

fujitsum10-4sMatch-

Node

fujitsum12-1_firmwareRange<xcp2410

AND

fujitsum12-1Match-

Node

fujitsum12-2_firmwareRange<xcp2410

AND

fujitsum12-2Match-

Node

fujitsum12-2s_firmwareRange<xcp2410

AND

fujitsum12-2sMatch-

Node

fujitsum10-4_firmwareRange<xcp3110

AND

fujitsum10-4Match-

Node

fujitsum10-4s_firmwareRange<xcp3110

AND

fujitsum10-4sMatch-

Node

fujitsum12-1_firmwareRange<xcp3110

AND

fujitsum12-1Match-

Node

fujitsum12-2_firmwareRange<xcp3110

AND

fujitsum12-2Match-

Node

fujitsum12-2s_firmwareRange<xcp3110

AND

fujitsum12-2sMatch-

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html

support.ntp.org/bin/view/Main/NtpBug3596

bugs.ntp.org/show_bug.cgi?id=3596

security.gentoo.org/glsa/202007-12

security.netapp.com/advisory/ntap-20200625-0004/

www.oracle.com/security-alerts/cpujan2022.html

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

6.4 Medium

AI Score

Confidence

High

0.059 Low

EPSS

Percentile

93.5%

JSON

Related for NVD:CVE-2020-13817

nessus26 veracode1 f51 ubuntucve1 prion2 cvelist1 openvas16 cve2 debiancve1 redhatcve1 fedora1 oraclelinux1 nvd1 amazon1 ibm8 centos1 redhat1 gentoo1 aix1 suse2 ics1 rosalinux1 oracle1