CVE-2020-13817

High · EPSS 89.4% · CVSS 3.1: 7.4
Published Jun 4, 2020 · Last Modified Jun 17, 2026

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

CVSS Details

Base Score: 7.4
Exploitability: 2.2
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 89.4% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-330

Affected Products 79

Vendor    Product                              Version  Range
ntp       ntp                                  *        <4.2.8
ntp       ntp                                  *        ≥4.3.0 – <4.3.100
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
netapp    cloud_backup                         *        any
netapp    clustered_data_ontap                 *        any
netapp    data_ontap                           *        any
netapp    element_software                     *        any
netapp    hci_management_node                  *        any
netapp    ontap_tools                          *        any
netapp    solidfire                            *        any
netapp    steelstore_cloud_integrated_storage  *        any
netapp    hci_compute_node_firmware            *        any
netapp    hci_compute_node                     *        any
netapp    h410c_firmware                       *        any
netapp    h410c                                *        any
netapp    h300s_firmware                       *        any
netapp    h300s                                *        any
netapp    h500s_firmware                       *        any
netapp    h500s                                *        any
netapp    h700s_firmware                       *        any
netapp    h700s                                *        any
netapp    h300e_firmware                       *        any
netapp    h300e                                *        any
netapp    h500e_firmware                       *        any
netapp    h500e                                *        any
netapp    h700e_firmware                       *        any
netapp    h700e                                *        any
netapp    h410s_firmware                       *        any
netapp    h410s                                *        any
opensuse  leap                                 15.1     any
opensuse  leap                                 15.2     any
fujitsu   m10-1_firmware                       *        <xcp2410
fujitsu   m10-1                                *        any
fujitsu   m10-4_firmware                       *        <xcp2410
fujitsu   m10-4                                *        any
fujitsu   m10-4s_firmware                      *        <xcp2410
fujitsu   m10-4s                               *        any
fujitsu   m12-1_firmware                       *        <xcp2410
fujitsu   m12-1                                *        any
fujitsu   m12-2_firmware                       *        <xcp2410
fujitsu   m12-2                                *        any
fujitsu   m12-2s_firmware                      *        <xcp2410
fujitsu   m12-2s                               *        any
fujitsu   m10-4_firmware                       *        <xcp3110
fujitsu   m10-4                                *        any
fujitsu   m10-4s_firmware                      *        <xcp3110
fujitsu   m10-4s                               *        any
fujitsu   m12-1_firmware                       *        <xcp3110
fujitsu   m12-1                                *        any
fujitsu   m12-2_firmware                       *        <xcp3110
fujitsu   m12-2                                *        any
fujitsu   m12-2s_firmware                      *        <xcp3110
fujitsu   m12-2s                               *        any

References 7

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
    Mailing List, Third Party Advisory
  • support.ntp.org http://support.ntp.org/bin/view/Main/NtpBug3596
    Vendor Advisory
  • bugs.ntp.org https://bugs.ntp.org/show_bug.cgi?id=3596
    Issue Tracking, Vendor Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202007-12
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20200625-0004/
    Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpujan2022.html
    Patch, Third Party Advisory

Remediation

  • oracle.com https://www.oracle.com/security-alerts/cpujan2022.html
    Patch, Third Party Advisory