CVE-2020-13529

CWE-290 CWE-306 — Missing Authentication10 documents7 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 75.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Fedora Systemd Project Systemd

Timeline

PublishedMay 10

Latest updateMay 24

Description

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 1.6 | Impact: 4.0

Affected Packages4 packages

▶Debiansystemd< 249.4-2+2

▶Ubuntusystemd< 237-3ubuntu10.49+1

▶CVEListV5systemdCanonical Ubuntu 20.04 LTS, Systemd 245

▶NVDsystemd_project/systemd245

Also affects: Fedora 33

🔴Vulnerability Details

GHSA

GHSA-44p7-qpr4-rgvf: An exploitable denial-of-service vulnerability exists in Systemd 245↗2022-05-24

▶

OSV

systemd vulnerabilities↗2021-07-20

▶

OSV

systemd vulnerabilities↗2021-07-20

▶

OSV

CVE-2020-13529: An exploitable denial-of-service vulnerability exists in Systemd 245↗2021-05-10

▶

CVEList

CVE-2020-13529: An exploitable denial-of-service vulnerability exists in Systemd 245↗2021-05-10

▶

📋Vendor Advisories

Ubuntu

systemd vulnerabilities↗2021-07-20

▶

Ubuntu

systemd vulnerabilities↗2021-07-20

▶

Red Hat

systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured↗2021-04-26

▶

Debian

CVE-2020-13529: systemd - An exploitable denial-of-service vulnerability exists in Systemd 245. A speciall...↗2020

▶