7.4

CVE-2020-13817

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

Data provided by the National Vulnerability Database (NVD)
Ntp Ntp Version < 4.2.8
Ntp Ntp Version >= 4.3.0 < 4.3.100
Ntp Ntp Version 4.2.8 Update -
Ntp Ntp Version 4.2.8 Update p1
Ntp Ntp Version 4.2.8 Update p1-beta1
Ntp Ntp Version 4.2.8 Update p1-beta2
Ntp Ntp Version 4.2.8 Update p1-beta3
Ntp Ntp Version 4.2.8 Update p1-beta4
Ntp Ntp Version 4.2.8 Update p1-beta5
Ntp Ntp Version 4.2.8 Update p1-rc1
Ntp Ntp Version 4.2.8 Update p1-rc2
Ntp Ntp Version 4.2.8 Update p10
Ntp Ntp Version 4.2.8 Update p11
Ntp Ntp Version 4.2.8 Update p12
Ntp Ntp Version 4.2.8 Update p13
Ntp Ntp Version 4.2.8 Update p2
Ntp Ntp Version 4.2.8 Update p2-rc1
Ntp Ntp Version 4.2.8 Update p2-rc2
Ntp Ntp Version 4.2.8 Update p2-rc3
Ntp Ntp Version 4.2.8 Update p3
Ntp Ntp Version 4.2.8 Update p3-rc1
Ntp Ntp Version 4.2.8 Update p3-rc2
Ntp Ntp Version 4.2.8 Update p3-rc3
Ntp Ntp Version 4.2.8 Update p4
Ntp Ntp Version 4.2.8 Update p5
Ntp Ntp Version 4.2.8 Update p6
Ntp Ntp Version 4.2.8 Update p7
Ntp Ntp Version 4.2.8 Update p8
Ntp Ntp Version 4.2.8 Update p9
Netapp Cloud Backup Version -
Netapp Data Ontap Version - SwPlatform 7-mode
Netapp Element Software Version -
Netapp Ontap Tools Version - SwPlatform vmware_vsphere
Netapp Solidfire Version -
Netapp Hci Compute Node Firmware Version -
   Netapp Hci Compute Node Version -
Netapp H410c Firmware Version -
   Netapp H410c Version -
Netapp H300s Firmware Version -
   Netapp H300s Version -
Netapp H500s Firmware Version -
   Netapp H500s Version -
Netapp H700s Firmware Version -
   Netapp H700s Version -
Netapp H300e Firmware Version -
   Netapp H300e Version -
Netapp H500e Firmware Version -
   Netapp H500e Version -
Netapp H700e Firmware Version -
   Netapp H700e Version -
Netapp H410s Firmware Version -
   Netapp H410s Version -
Opensuse Leap Version 15.1
Opensuse Leap Version 15.2
Fujitsu M10-1 Firmware Version < xcp2410
   Fujitsu M10-1 Version -
Fujitsu M10-4 Firmware Version < xcp2410
   Fujitsu M10-4 Version -
Fujitsu M10-4s Firmware Version < xcp2410
   Fujitsu M10-4s Version -
Fujitsu M12-1 Firmware Version < xcp2410
   Fujitsu M12-1 Version -
Fujitsu M12-2 Firmware Version < xcp2410
   Fujitsu M12-2 Version -
Fujitsu M12-2s Firmware Version < xcp2410
   Fujitsu M12-2s Version -
Fujitsu M10-4 Firmware Version < xcp3110
   Fujitsu M10-4 Version -
Fujitsu M10-4s Firmware Version < xcp3110
   Fujitsu M10-4s Version -
Fujitsu M12-1 Firmware Version < xcp3110
   Fujitsu M12-1 Version -
Fujitsu M12-2 Firmware Version < xcp3110
   Fujitsu M12-2 Version -
Fujitsu M12-2s Firmware Version < xcp3110
   Fujitsu M12-2s Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.38% | 0.583
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:N/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
cve@mitre.org | 5.9 | 2.2 | 3.6 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.