CVE Vulnerability

CVE-2020-11868

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://support.ntp.org/bin/view/Main/NtpBug3592 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1716665 Issue Tracking Third Party Advisory
https://security.netapp.com/advisory/ntap-20200424-0002/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00004.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202007-12 Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Information

Published : 2020-04-17 04:15

Updated : 2022-04-26 05:05

NVD link : CVE-2020-11868

Mitre link : CVE-2020-11868

Products Affected

Fabric-attached Storage A400 Firmware

Netapp

CWE
CWE-346