IronMonkey Threat Research

CVE-2020-11868 HIGH

Published: 2020-04-17 | Last Modified: 2025-05-05 | Status: Modified

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Additional Descriptions (1)

ntpd in ntp versions before 4.2.8p14 and 4.3.x versions before 4.3.100 allows an off-path attacker to block unauthenticated synchronization by means of a server-mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 3.6

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary CWE-346 (en)
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary CWE-346 (en)

Affected Products

Vendor Product Version Type
ntp ntp * Application
ntp ntp 4.2.8 Application
redhat enterprise_linux 7.0 Operating System
netapp data_ontap - Application
netapp hci_management_node - Application
netapp solidfire - Application
netapp vasa_provider_for_clustered_data_ontap * Application
netapp virtual_storage_console * Application
netapp clustered_data_ontap - Operating System
netapp hci_storage_node_firmware - Operating System
netapp fabric-attached_storage_8300_firmware - Operating System
netapp fabric-attached_storage_8700_firmware - Operating System
netapp fabric-attached_storage_a400_firmware - Operating System
netapp all_flash_fabric-attached_storage_8300_firmware - Operating System
netapp all_flash_fabric-attached_storage_8700_firmware - Operating System
netapp all_flash_fabric-attached_storage_a400_firmware - Operating System
debian debian_linux 8.0 Operating System
opensuse leap 15.1 Operating System
opensuse leap 15.2 Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
Yes cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:vsphere:*:*
Yes cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vsphere:*:*
Yes cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_storage_node_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:fabric-attached_storage_8300:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:fabric-attached_storage_8700:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8300_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8300:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:all_flash_fabric-attached_storage_8700_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:all_flash_fabric-attached_storage_8700:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:all_flash_fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:all_flash_fabric-attached_storage_a400:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
