Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2020-11868

Published: 17/04/2020 Updated: 26/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ntp

Vulnerability Summary

ntpd in ntp prior to 4.2.8p14 and 4.3.x prior to 4.3.100 allows an off-path malicious user to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp 4.2.8

ntp ntp

redhat enterprise linux 7.0

netapp clustered data ontap -

netapp virtual storage console

netapp data ontap -

netapp vasa provider for clustered data ontap

netapp solidfire -

netapp hci management node -

netapp hci_storage_node_firmware -

netapp fabric-attached_storage_8300_firmware -

netapp fabric-attached_storage_8700_firmware -

netapp fabric-attached_storage_a400_firmware -

netapp all_flash_fabric-attached_storage_8300_firmware -

netapp all_flash_fabric-attached_storage_8700_firmware -

netapp all_flash_fabric-attached_storage_a400_firmware -

debian debian linux 8.0

opensuse leap 15.1

opensuse leap 15.2

Vendor Advisories

Red Hat: Moderate: ntp security update
Synopsis Moderate: ntp security update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...
Debian CVElist Bug Report Logs: CVE-2020-11868 affecting ntpsec?
Debian Bug report logs - #958027 CVE-2020-11868 affecting ntpsec? Package: src:ntpsec; Maintainer for src:ntpsec is Richard Laager <rlaager@wiktelcom>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 17 Apr 2020 15:03:02 UTC Severity: important Tags: security Reply or subscribe to this bug Toggle ...
Amazon Linux 2: ALAS2-2020-1455
ntpd in ntp before 428p14 and 43x before 43100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets The victim must be relying on unauthenticated IPv4 time sources There must be an off-path attacker who can query time from the victim's ntpd inst ...

References

CWE-346http://support.ntp.org/bin/view/Main/NtpBug3592https://bugzilla.redhat.com/show_bug.cgi?id=1716665https://security.netapp.com/advisory/ntap-20200424-0002/https://lists.debian.org/debian-lts-announce/2020/05/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.htmlhttps://security.gentoo.org/glsa/202007-12https://www.oracle.com//security-alerts/cpujul2021.htmlhttps://access.redhat.com/errata/RHSA-2020:2663https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2020-1455.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook