K55376430 : NTP vulnerabilities CVE-2020-13817

Security Advisory Description

The ntpd in the network time protocol (NTP) before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers to cause a denial-of-service (DoS), either daemon exit or system time change, by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim’sntpd instance. (CVE-2020-13817)

Impact

An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victim’s clock by a limited amount or cause ntpd to exit.

BIG-IP

Your BIG-IP system is affected only when you configure it as an NTP server, and sources for the BIG-IP system’s time are unreliable, unauthenticated, upstream NTP servers.

BIG-IQ

The BIG-IQ system is not directly affected by this vulnerability, but it inherits the vulnerability from the BIG-IP system.