Lucene search
HistoryNov 17, 2020 - 2:15 a.m.
CVE-2020-25705
cve-2020-25705
linux kernel
icmp
udp ports
security vulnerability
ruggedcom rm1224
scalance m-800
scalance s615
scalance sc-600
scalance w1750d
simatic cloud connect 7
simatic mv500 family
simatic net cp 1243-1
simatic net cp 1243-7 lte eu
nvd
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.003
Percentile
69.8%
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
Affected configurations
Node
recall-products_projectrecall-productsRange≤5.0wordpress
ORrecall-products_projectrecall-productsRange≤6.4wordpress
ORrecall-products_projectrecall-productsRange≤5.0wordpress
ORrecall-products_projectrecall-productsRange≤6.4wordpress
ORrecall-products_projectrecall-productsRange≤5.0wordpress
ORrecall-products_projectrecall-productsRange≤6.4wordpress
ORrecall-products_projectrecall-productsRange≤2.1.3wordpress
ORrecall-products_projectrecall-productsRange≤8.3.0.1wordpress
ORrecall-products_projectrecall-productsRange≤8.6.0wordpress
ORrecall-products_projectrecall-productsRange≤8.7.0wordpress
ORrecall-products_projectrecall-productswordpress
ORrecall-products_projectrecall-productswordpress
ORrecall-products_projectrecall-productsRange≤3.1.39wordpress
ORrecall-products_projectrecall-productsRange≤3.1.39wordpress
ORrecall-products_projectrecall-productsRange≤3.1.39wordpress
ORrecall-products_projectrecall-productsRange≤3.1.39wordpress
ORrecall-products_projectrecall-productsRange≤3.1.39wordpress
ORrecall-products_projectrecall-productsRange≤2.0wordpress
ORrecall-products_projectrecall-productsRange≤2.0wordpress
ORrecall-products_projectrecall-productsRange≤2.2wordpress
ORrecall-products_projectrecall-productsRange≤2.0wordpress
ORrecall-products_projectrecall-productswordpress
ORrecall-products_projectrecall-productsRange≤3.0wordpress
ORrecall-products_projectrecall-productswordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
| nctsoft_products | nctaudioeditor | * | cpe:2.3:a:nctsoft_products:nctaudioeditor:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Siemens Lunux Based Products",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE US: Versions 3.1.39 and later, SIMATIC NET CP 1243-7: Versions 3.1.39 and later, SIMATIC NET CP 1243-8 IRC: Versions 3.1.39 and later, SIMATIC NET CP 1542SP-1 IRC (incl. SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1542SP-1: Versions 2.0 and later, SIMATIC NET CP 1543-1 (incl. SIPLUS variants): Versions 2.2 and later, SIMATIC NET CP 1543SP-1 (incl SIPLUS variants): Versions 2.0 and later, SIMATIC NET CP 1545-1: All versions, SINEMA Remote Connect Server: All versions prior to v3.0 SP1, TIM 1531 IRC (incl. SI ...[truncated*]"
}
]
}
]Social References
More
Related
ubuntucve
ubuntucve
CVE-2020-25705
2020-11-17 00:00:00
ibm
ibm
githubexploit
githubexploit
Exploit for Use of Insufficiently Random Values in Linux Linux Kernel
2020-11-14 08:53:13
cbl_mariner
cbl_mariner
CVE-2020-25705 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
nessus
nessus
F5 Networks BIG-IP : Linux kernel vulnerability (K09604370)
2021-03-19 00:00:00
NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2021-0126)
2021-10-28 00:00:00
Oracle Linux 8 : kernel (ELSA-2021-0558)
2021-02-18 00:00:00
nvd
nvd
CVE-2020-25705
2020-11-17 02:15:13
f5
f5
K09604370 : Linux kernel vulnerability CVE-2020-25705
2020-12-23 00:00:00
BIG-IP TMM vulnerability CVE-2022-26071
2022-05-04 11:52:00
veracode
veracode
Source Port UDP Randomization Bypass
2020-12-06 02:21:40
openwrt
openwrt
ics
ics
Siemens Linux-based Products (Update J)
2022-08-18 12:00:00
Siemens SIMATIC
2024-03-14 12:00:00
redhatcve
redhatcve
CVE-2020-25705
2020-12-09 16:45:11
CVE-2021-20322
2021-10-18 11:13:53
osv
osv
Android Vomit Report
2021-04-01 00:00:00
Important: kernel security, bug fix, and enhancement update
2021-02-16 07:36:08
cvelist
cvelist
CVE-2020-25705
2020-11-17 01:16:17
debiancve
debiancve
CVE-2020-25705
2020-11-17 02:15:13
prion
prion
Design/Logic Flaw
2020-11-17 02:15:00
thn
thn
SAD DNS — New Flaws Re-Enable DNS Cache Poisoning Attacks
2020-11-13 07:12:00
Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws
2020-12-09 04:57:00
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2021-02-16 07:36:08
redhat
redhat
(RHSA-2021:0558) Important: kernel security, bug fix, and enhancement update
2021-02-16 07:36:08
(RHSA-2021:0537) Important: kernel-rt security and bug fix update
2021-02-16 07:32:29
(RHSA-2021:2355) Important: kernel security and bug fix update
2021-06-09 08:29:48
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2021-02-17 00:00:00
Unbreakable Enterprise kernel security update
2021-01-12 00:00:00
Unbreakable Enterprise kernel security update
2021-01-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:3507-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3651-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:3326-1)
2021-04-19 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2020-11-26 00:00:00
Security update for the Linux Kernel (important)
2020-12-05 00:00:00
Security update for the Linux Kernel (important)
2020-12-15 00:00:00
ubuntu
ubuntu
Linux kernel regression
2020-12-13 00:00:00
Linux kernel vulnerabilities
2020-12-02 00:00:00
Linux kernel vulnerabilities
2021-01-06 00:00:00
cloudfoundry
cloudfoundry
USN-4680-1: Linux kernel vulnerabilities | Cloud Foundry
2021-02-10 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-03-18 23:24:41
debian
debian
[SECURITY] [DLA 2494-1] linux security update
2020-12-18 12:14:03
[SECURITY] [DLA 2483-1] linux-4.19 security update
2020-12-10 11:11:34
photon
photon
Important Photon OS Security Update - PHSA-2020-0294
2020-11-06 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0338
2020-11-17 00:00:00
Critical Photon OS Security Update - PHSA-2020-0338
2020-11-17 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2021-01-15 15:31:01
Updated kernel packages fix security vulnerabilities
2021-01-15 15:31:01
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
7.4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
High
EPSS
0.003
Percentile
69.8%
Related for CVE-2020-25705