CVE-2020-15025

MEDIUM EPSS 87.2%
Published Jun 24, 2020 (6y ago) · Modified Jun 17, 2026 (2w ago)
4.9 CVSS 3.1

Description

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.

CVSS Details

Base Score: 4.9
Exploitability: 1.2
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 87.2% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-401

Affected Products 32

Vendor    Product                              Version  Range
ntp       ntp                                  *        ≥4.3.97 – <4.3.101
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
ntp       ntp                                  4.2.8    any
opensuse  leap                                 15.1     any
opensuse  leap                                 15.2     any
netapp    cloud_backup                         *        any
netapp    steelstore_cloud_integrated_storage  *        any
netapp    8300_firmware                        *        any
netapp    8300                                 *        any
netapp    8700_firmware                        *        any
netapp    8700                                 *        any
netapp    a400_firmware                        *        any
netapp    a400                                 *        any
netapp    h410c_firmware                       *        any
netapp    h410c                                *        any
netapp    h300s_firmware                       *        any
netapp    h300s                                *        any
netapp    h500s_firmware                       *        any
netapp    h500s                                *        any
netapp    h700s_firmware                       *        any
netapp    h700s                                *        any
netapp    h300e_firmware                       *        any
netapp    h300e                                *        any
netapp    h500e_firmware                       *        any
netapp    h500e                                *        any
netapp    h700e_firmware                       *        any
netapp    h700e                                *        any
netapp    h410s_firmware                       *        any
netapp    h410s                                *        any
oracle    zfs_storage_appliance_kit            8.8      any

References 8

  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
    Mailing List, Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
    Mailing List, Third Party Advisory
  • bugs.gentoo.org https://bugs.gentoo.org/729458
    Issue Tracking, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202007-12
    Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20200702-0002/
    Third Party Advisory
  • support.ntp.org https://support.ntp.org/bin/view/Main/NtpBug3661
    Vendor Advisory
  • support.ntp.org https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
    Release Notes, Vendor Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpujan2021.html
    Patch, Third Party Advisory

Remediation

  • oracle.com https://www.oracle.com/security-alerts/cpujan2021.html
    Patch, Third Party Advisory