4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
0.005 Low
EPSS
Percentile
76.4%
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote
attackers to cause a denial of service (memory consumption) by sending
packets, because memory is not freed in situations where a CMAC key is used
and associated with a CMAC algorithm in the ntp.keys file.
bugs.gentoo.org/729458
bugs.ntp.org/show_bug.cgi?id=3661
launchpad.net/bugs/cve/CVE-2020-15025
nvd.nist.gov/vuln/detail/CVE-2020-15025
security-tracker.debian.org/tracker/CVE-2020-15025
support.ntp.org/bin/view/Main/NtpBug3661
support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
ubuntu.com/security/notices/USN-5175-1
www.cve.org/CVERecord?id=CVE-2020-15025
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
0.005 Low
EPSS
Percentile
76.4%