Versio.io

CVE-2020-13817

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 04-06-2020 03:15
Last modified: - 29-03-2022 08:05
Total changes: - 4

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
High
Attack complexity
Network
Attack vector
High
Availability
None
Confidentiality
High
Integrity
None
Privileges required
Unchanged
Scope
None
User interaction
7.4
Base score
2.2
5.2
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=ntp AND product=ntp AND versionEndExcluding=4.2.8
vendor=ntp AND product=ntp AND version=4.2.8 AND update=-
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta1
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta2
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta3
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta4
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-beta5
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-rc1
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p1-rc2
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p10
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p11
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p12
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p13
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2-rc1
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2-rc2
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p2-rc3
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3-rc1
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3-rc2
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p3-rc3
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p4
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p5
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p6
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p7
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p8
vendor=ntp AND product=ntp AND version=4.2.8 AND update=p9
vendor=ntp AND product=ntp AND versionStartIncluding=4.3.0 AND versionEndExcluding=4.3.100
OR
vendor=netapp AND product=cloud_backup AND version=-
vendor=netapp AND product=clustered_data_ontap AND version=-
vendor=netapp AND product=data_ontap AND version=- AND target_software=7-mode
vendor=netapp AND product=element_software AND version=-
vendor=netapp AND product=hci_management_node AND version=-
vendor=netapp AND product=ontap_tools AND version=- AND target_software=vmware_vsphere
vendor=netapp AND product=solidfire AND version=-
vendor=netapp AND product=steelstore_cloud_integrated_storage AND version=-
AND
OR
vendor=netapp AND product=hci_compute_node_firmware AND version=-
OR
vendor=netapp AND product=hci_compute_node AND version=-
AND
OR
vendor=netapp AND product=h410c_firmware AND version=-
OR
vendor=netapp AND product=h410c AND version=-
AND
OR
vendor=netapp AND product=h300s_firmware AND version=-
OR
vendor=netapp AND product=h300s AND version=-
AND
OR
vendor=netapp AND product=h500s_firmware AND version=-
OR
vendor=netapp AND product=h500s AND version=-
AND
OR
vendor=netapp AND product=h700s_firmware AND version=-
OR
vendor=netapp AND product=h700s AND version=-
AND
OR
vendor=netapp AND product=h300e_firmware AND version=-
OR
vendor=netapp AND product=h300e AND version=-
AND
OR
vendor=netapp AND product=h500e_firmware AND version=-
OR
vendor=netapp AND product=h500e AND version=-
AND
OR
vendor=netapp AND product=h700e_firmware AND version=-
OR
vendor=netapp AND product=h700e AND version=-
AND
OR
vendor=netapp AND product=h410s_firmware AND version=-
OR
vendor=netapp AND product=h410s AND version=-
OR
vendor=opensuse AND product=leap AND version=15.1
vendor=opensuse AND product=leap AND version=15.2
AND
OR
vendor=fujitsu AND product=m10-1_firmware AND versionEndExcluding=xcp2410
OR
vendor=fujitsu AND product=m10-1 AND version=-
AND
OR
vendor=fujitsu AND product=m10-4_firmware AND versionEndExcluding=xcp2410
OR
vendor=fujitsu AND product=m10-4 AND version=-
AND
OR
vendor=fujitsu AND product=m10-4s_firmware AND versionEndExcluding=xcp2410
OR
vendor=fujitsu AND product=m10-4s AND version=-
AND
OR
vendor=fujitsu AND product=m12-1_firmware AND versionEndExcluding=xcp2410
OR
vendor=fujitsu AND product=m12-1 AND version=-
AND
OR
vendor=fujitsu AND product=m12-2_firmware AND versionEndExcluding=xcp2410
OR
vendor=fujitsu AND product=m12-2 AND version=-
AND
OR
vendor=fujitsu AND product=m12-2s_firmware AND versionEndExcluding=xcp2410
OR
vendor=fujitsu AND product=m12-2s AND version=-
AND
OR
vendor=fujitsu AND product=m10-4_firmware AND versionEndExcluding=xcp3110
OR
vendor=fujitsu AND product=m10-4 AND version=-
AND
OR
vendor=fujitsu AND product=m10-4s_firmware AND versionEndExcluding=xcp3110
OR
vendor=fujitsu AND product=m10-4s AND version=-
AND
OR
vendor=fujitsu AND product=m12-1_firmware AND versionEndExcluding=xcp3110
OR
vendor=fujitsu AND product=m12-1 AND version=-
AND
OR
vendor=fujitsu AND product=m12-2_firmware AND versionEndExcluding=xcp3110
OR
vendor=fujitsu AND product=m12-2 AND version=-
AND
OR
vendor=fujitsu AND product=m12-2s_firmware AND versionEndExcluding=xcp3110
OR
vendor=fujitsu AND product=m12-2s AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-13817

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.