Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2020-25705

Published: 17/11/2020 Updated: 18/05/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Linux Kernel

Vulnerability Summary

A flaw in ICMP packets in the Linux kernel may allow an malicious user to quickly scan open UDP ports. This flaw allows an off-path remote malicious user to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 8.0

Vendor Advisories

Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

ICS Advisories

Siemens Linux-based Products (Update G)
https://ics-cert.us-cert.gov/advisories/1c5953bf7b4cffc98481adf559672c1a
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/tdwyer/CVE-2020-25705

PoC for CVE-2020-25705 POC-2020-25705

CVE-2020-25705 PoC for CVE-2020-25705 POC-2020-25705 This is a work in progress I'll finish it on Monday :p but there is likely enough here already for you to complete it

References

CWE-330https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03https://access.redhat.com/errata/RHSA-2021:0537https://nvd.nist.govhttps://github.com/tdwyer/CVE-2020-25705https://www.cisa.gov/uscert/ics/advisories/icsa-21-131-03
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook