Vulnerability DatabaseCVE-2020-13817
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2020-13817
June 04, 2020
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
Related Resources (10)
https://www.oracle.com/security-alerts/cpujan2022.html
https://security.gentoo.org/glsa/202007-12
http://support.ntp.org/bin/view/Main/NtpBug3596
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-13817
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
https://security-tracker.debian.org/tracker/CVE-2020-13817
https://security.netapp.com/advisory/ntap-20200625-0004/
https://access.redhat.com/security/cve/CVE-2020-13817
https://bugs.ntp.org/show_bug.cgi?id=3596
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
5.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Use of Insufficiently Random Values
CWE-330
EPSS
Base Score:
0.35