PRIOn knowledge basePRION:CVE-2020-13817Design/Logic Flaw
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
7.2 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.033 Low
EPSS
Percentile
91.0%
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victimβs ntpd instance.
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
support.ntp.org/bin/view/Main/NtpBug3596
bugs.ntp.org/show_bug.cgi?id=3596
security.gentoo.org/glsa/202007-12
security.netapp.com/advisory/ntap-20200625-0004/
www.oracle.com/security-alerts/cpujan2022.html
Related
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
7.2 High
AI Score
Confidence
High
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.033 Low
EPSS
Percentile
91.0%