CVE-2020-11868
published 2020-04-17CVE-2020-11868: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | ntp | < ntp 1:4.2.8p14+dfsg-1 (bullseye) | ntp 1:4.2.8p14+dfsg-1 (bullseye) |
| debian | ntpsec | < ntp 1:4.2.8p14+dfsg-1 (bullseye) | ntp 1:4.2.8p14+dfsg-1 (bullseye) |
| netapp | vasa_provider_for_clustered_data_ontap | >= 7.2 | — |
| netapp | virtual_storage_console | >= 7.2 | — |
| ntp | ntp | <= 4.2.7 | — |
| ntp | ntp | — | — |
| ntp | ntp | >= 0 < 1:4.2.8p14+dfsg-1 | 1:4.2.8p14+dfsg-1 |
| ntp | ntp | >= 4.3.98 < 4.3.100 | 4.3.100 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH