Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2020-13817

Published: 04/06/2020 Updated: 29/03/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Subscribe to Ntp

Vulnerability Summary

ntpd in ntp prior to 4.2.8p14 and 4.3.x prior to 4.3.100 allows remote malicious users to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ntp ntp

ntp ntp 4.2.8

netapp cloud backup -

netapp clustered data ontap -

netapp data ontap -

netapp element software -

netapp hci management node -

netapp ontap tools -

netapp solidfire -

netapp steelstore cloud integrated storage -

netapp hci_compute_node_firmware -

netapp h410c_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

opensuse leap 15.1

opensuse leap 15.2

fujitsu m10-1_firmware

fujitsu m10-4_firmware

fujitsu m10-4s_firmware

fujitsu m12-1_firmware

fujitsu m12-2_firmware

fujitsu m12-2s_firmware

Vendor Advisories

Red Hat: Moderate: ntp security update
Synopsis Moderate: ntp security update Type/Severity Security Advisory: Moderate Topic An update for ntp is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which give ...
Amazon Linux 2: ALAS2-2020-1455
ntpd in ntp before 428p14 and 43x before 43100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets The victim must be relying on unauthenticated IPv4 time sources There must be an off-path attacker who can query time from the victim's ntpd inst ...

References

CWE-330http://support.ntp.org/bin/view/Main/NtpBug3596https://bugs.ntp.org/show_bug.cgi?id=3596https://security.netapp.com/advisory/ntap-20200625-0004/http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.htmlhttps://security.gentoo.org/glsa/202007-12https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://access.redhat.com/errata/RHSA-2020:2663https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2020-1455.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute forceCVE-2024-24908open redirectCVE-2024-31497CVE-2023-45866CVE-2024-4135CVE-2024-25523cache poisoningCVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook