CVE-2020-13817
Summary
| CVE | CVE-2020-13817 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-04 13:15:00 UTC |
| Updated | 2022-03-29 18:05:00 UTC |
| Description | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. |
Risk And Classification
Problem Types: CWE-330
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Fujitsu | M10-1 | - | All | All | All |
| Operating System | Fujitsu | M10-1 Firmware | All | All | All | All |
| Hardware | Fujitsu | M10-4 | - | All | All | All |
| Hardware | Fujitsu | M10-4s | - | All | All | All |
| Operating System | Fujitsu | M10-4s Firmware | All | All | All | All |
| Operating System | Fujitsu | M10-4 Firmware | All | All | All | All |
| Hardware | Fujitsu | M12-1 | - | All | All | All |
| Operating System | Fujitsu | M12-1 Firmware | All | All | All | All |
| Hardware | Fujitsu | M12-2 | - | All | All | All |
| Hardware | Fujitsu | M12-2s | - | All | All | All |
| Operating System | Fujitsu | M12-2s Firmware | All | All | All | All |
| Operating System | Fujitsu | M12-2 Firmware | All | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | Clustered Data Ontap | - | All | All | All |
| Application | Netapp | Data Ontap | - | All | All | All |
| Application | Netapp | Element Software | - | All | All | All |
| Hardware | Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Hardware | Netapp | Hci Compute Node | - | All | All | All |
| Operating System | Netapp | Hci Compute Node Firmware | - | All | All | All |
| Application | Netapp | Hci Management Node | - | All | All | All |
| Application | Netapp | Ontap Tools | - | All | All | All |
| Application | Netapp | Solidfire | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Application | Ntp | Ntp | All | All | All | All |
| Application | Ntp | Ntp | 4.2.8 | - | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta4 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-beta5 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p1-rc2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p10 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p11 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p12 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p13 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2-rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2-rc2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p2-rc3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3-rc1 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3-rc2 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p3-rc3 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p4 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p5 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p6 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p7 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p8 | All | All |
| Application | Ntp | Ntp | 4.2.8 | p9 | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| NTP: Multiple vulnerabilities (GLSA 202007-12) — Gentoo security | GENTOO | security.gentoo.org | |
| support.ntp.org/bin/view/Main/NtpBug3596 | MISC | support.ntp.org | Vendor Advisory |
| Bug 3596 – ntpd uses highly predictable transmit timestamps | MISC | bugs.ntp.org | Issue Tracking, Vendor Advisory |
| Oracle Critical Patch Update Advisory - January 2022 | MISC | www.oracle.com | |
| CVE-2020-13817 NTP Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| [security-announce] openSUSE-SU-2020:0934-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2020:1007-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296073 Oracle Solaris 11.4 Support Repository Update (SRU) 24.75.2 Missing (CPUJUL2020)
- 376064 F5 BIG-IP Application Security Manager (ASM), Access Policy Manager (APM), Local Traffic Manager (LTM) Network Time Protocol (NTP) Vulnerabilities (K55376430)
- 376065 F5 BIG-IP Local Traffic Manager (LTM), Access Policy Manager (APM), Application Security Manager (ASM) NTP Vulnerabilities (K55376430)
- 377241 Alibaba Cloud Linux Security Update for ntp (ALINUX2-SA-2020:0103)
- 38871 Network Time Protocol Multiple Security Vulnerabilities (ntp-4.2.8p14)