CVE-2020-13817
HIGHntp < 4.2.8p14 and 4.3.x < 4.3.100 - Denial of Service via Predictable Transmit Timestamps
Title source: llmDescription
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202007-12
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2022.html
Vendor Advisory x_refsource_misc
http://support.ntp.org/bin/view/Main/NtpBug3596
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugs.ntp.org/show_bug.cgi?id=3596
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200625-0004/
Scores
CVSS v3
7.4
EPSS
0.0409
EPSS Percentile
89.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-330
Status
published
Products (24)
fujitsu/m10-1_firmware
< xcp2410
fujitsu/m10-4_firmware
< xcp2410
fujitsu/m10-4s_firmware
< xcp2410
fujitsu/m12-1_firmware
< xcp2410
fujitsu/m12-2_firmware
< xcp2410
fujitsu/m12-2s_firmware
< xcp2410
netapp/cloud_backup
netapp/clustered_data_ontap
netapp/data_ontap
netapp/element_software
... and 14 more
Published
Jun 04, 2020
Tracked Since
Feb 18, 2026