IronMonkey Threat Research

CVE-2020-13817 HIGH

Published: 2020-06-04 | Last Modified: 2025-05-05 | Status: Modified

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

Additional Descriptions (1)

ntpd in ntp versions before 4.2.8p14 and 4.3.x versions before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.

CVSS Metrics

Base Score: 7.4 (HIGH)

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.2

Impact Score: 5.2

Base Score: 5.8 (MEDIUM)

AV:N/AC:M/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 4.9

Weaknesses

Source Type Description
[email protected] Primary CWE-330 (en)
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary CWE-330 (en)

Affected Products

Vendor Product Version Update Type
ntp ntp * * Application
ntp ntp * * Application
ntp ntp 4.2.8 - Application
ntp ntp 4.2.8 p1 Application
ntp ntp 4.2.8 p1-beta1 Application
ntp ntp 4.2.8 p1-beta2 Application
ntp ntp 4.2.8 p1-beta3 Application
ntp ntp 4.2.8 p1-beta4 Application
ntp ntp 4.2.8 p1-beta5 Application
ntp ntp 4.2.8 p1-rc1 Application
ntp ntp 4.2.8 p1-rc2 Application
ntp ntp 4.2.8 p10 Application
ntp ntp 4.2.8 p11 Application
ntp ntp 4.2.8 p12 Application
ntp ntp 4.2.8 p13 Application
ntp ntp 4.2.8 p2 Application
ntp ntp 4.2.8 p2-rc1 Application
ntp ntp 4.2.8 p2-rc2 Application
ntp ntp 4.2.8 p2-rc3 Application
ntp ntp 4.2.8 p3 Application
ntp ntp 4.2.8 p3-rc1 Application
ntp ntp 4.2.8 p3-rc2 Application
ntp ntp 4.2.8 p3-rc3 Application
ntp ntp 4.2.8 p4 Application
ntp ntp 4.2.8 p5 Application
ntp ntp 4.2.8 p6 Application
ntp ntp 4.2.8 p7 Application
ntp ntp 4.2.8 p8 Application
ntp ntp 4.2.8 p9 Application
netapp cloud_backup - * Application
netapp clustered_data_ontap - * Application
netapp data_ontap - * Application
netapp element_software - * Application
netapp hci_management_node - * Application
netapp ontap_tools - * Application
netapp solidfire - * Application
netapp steelstore_cloud_integrated_storage - * Application
netapp hci_compute_node_firmware - * Operating System
netapp h410c_firmware - * Operating System
netapp h300s_firmware - * Operating System
netapp h500s_firmware - * Operating System
netapp h700s_firmware - * Operating System
netapp h300e_firmware - * Operating System
netapp h500e_firmware - * Operating System
netapp h700e_firmware - * Operating System
netapp h410s_firmware - * Operating System
opensuse leap 15.1 * Operating System
opensuse leap 15.2 * Operating System
fujitsu m10-1_firmware * * Operating System
fujitsu m10-4_firmware * * Operating System
fujitsu m10-4s_firmware * * Operating System
fujitsu m12-1_firmware * * Operating System
fujitsu m12-2_firmware * * Operating System
fujitsu m12-2s_firmware * * Operating System
fujitsu m10-4_firmware * * Operating System
fujitsu m10-4s_firmware * * Operating System
fujitsu m12-1_firmware * * Operating System
fujitsu m12-2_firmware * * Operating System
fujitsu m12-2s_firmware * * Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p10:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p11:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p12:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p13:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
Yes cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*
Yes cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:ontap_tools:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*
