K44305703 : NTP vulnerability CVE-2020-11868

2020-06-0200:00:00

my.f5.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.021 Low

EPSS

Percentile

88.1%

JSON

Security Advisory Description

The ntpd daemon in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (CVE-2020-11868)

Impact

Attackers who can guess the IP address of configured time server(s) and deliver a spoofed packet to TMOS systems may delay communication with time servers, potentially causing a loss of clock synchronization.

CPENameOperatorVersion
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-iq centralized managementeq8.0.0
big-iq centralized managementeq8.1.0
big-iq centralized managementeq8.2.0

Name	Operator	Version
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-iq centralized management	eq	8.0.0
big-iq centralized management	eq	8.1.0
big-iq centralized management	eq	8.2.0