QID 376064
Date Published: 2021-11-22
QID 376064: F5 BIG-IP Application Security Manager (ASM), Access Policy Manager (APM), Local Traffic Manager (LTM) Network Time Protocol (NTP) Vulnerabilities (K55376430)
ntpd in the Network Time Protocol (NTP) reference implementation before 4.2.8p14, and in 4.3.x before 4.3.100, allows remote attackers to cause a denial of service (DoS), either daemon exit or a system time change, by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources, and there must be an off-path attacker who can query time from the victim's ntpd instance. (CVE-2020-13817)
Vulnerable Component: BIG-IP APM, LTM, ASM
Affected Versions:
16.0.0
15.1.0
14.1.0 - 14.1.3
13.1.0 - 13.1.3
12.1.0 - 12.1.5
11.6.1 - 11.6.5
QID Detection Logic (Authenticated):
This QID checks the BIG-IP software version reported by the tmsh command (for example, tmsh show sys version) and flags devices running one of the affected versions listed above.
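The following is an added example of the version-matching step described above; it is not Qualys's detection code. It parses the output of tmsh show sys version and compares the running version against the affected ranges listed on this page. It assumes that a range such as "14.1.0 - 14.1.3" is compared on the first three version components, so a point release such as 14.1.3.1 is still inside the range (F5 lists the first fixed release as the next branch version); the tmsh output embedded below is constructed, not captured from a real device.

```python
"""Version check in the style of the QID 376064 detection (added example,
not Qualys's detection code).

Assumption: ranges are compared on the first three version components
(branch.major.minor), so 14.1.3.1 falls inside "14.1.0 - 14.1.3"."""
import re

# Affected ranges exactly as listed in this advisory (low, high), inclusive.
AFFECTED_RANGES = [
    ("16.0.0", "16.0.0"),
    ("15.1.0", "15.1.0"),
    ("14.1.0", "14.1.3"),
    ("13.1.0", "13.1.3"),
    ("12.1.0", "12.1.5"),
    ("11.6.1", "11.6.5"),
]

# Constructed sample of `tmsh show sys version` output (not from a real device).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     14.1.2.3
  Build       0.0.5
  Edition     Point Release 3
"""


def parse_version(text):
    """'14.1.2.3' -> (14, 1, 2, 3); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


def extract_version(tmsh_output):
    """Pull the Version line out of `tmsh show sys version` output."""
    match = re.search(r"^\s*Version\s+(\d+(?:\.\d+)+)\s*$", tmsh_output, re.MULTILINE)
    if not match:
        raise ValueError("no Version line found in tmsh output")
    return match.group(1)


def is_affected(version):
    """True if the first three components fall inside any affected range."""
    v = parse_version(version)[:3]
    for low, high in AFFECTED_RANGES:
        if parse_version(low)[:3] <= v <= parse_version(high)[:3]:
            return True
    return False


if __name__ == "__main__":
    running = extract_version(SAMPLE_TMSH_OUTPUT)
    print(running, "affected" if is_affected(running) else "not affected")
```

Feed the real tmsh output to extract_version on a device you are authorised to assess; the range table is the only part that needs updating when F5 revises the advisory.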
An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use this flaw to modify the victim's clock by a limited amount or cause ntpd to exit.
To mitigate this vulnerability, make the following recommended changes to the NTP service on the BIG-IP system:
- Configure the BIG-IP system to use only authenticated time sources.
- Configure NTP packet authentication with symmetric keys.
- Configure the NTP service to use multiple time sources, so that a single spoofed source cannot move the clock on its own.
- If the NTP client must obtain unauthenticated time over IPv4 on a hostile network, configure the BIG-IP system as an NTP server with a restrict ... noserve line that blocks time service to the untrusted network, which removes the attacker's ability to query the daemon. Note that this is a heavy-handed protection.
- Monitor messages logged by ntpd in /var/log/ltm and /var/log/daemon.
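As an added example (not F5's tooling or the K55376430 procedure), the script below audits an ntp.conf against the mitigations listed above: it flags server or peer lines that carry no key option (unauthenticated sources), fewer than three configured sources, a missing keys directive, and the absence of a restrict ... noserve line. Both configuration fragments are constructed for this example; the addresses, key ID and network are placeholders, and the three-source threshold is an assumption rather than a number the advisory states.

```python
"""Audit ntp.conf for the NTP mitigations recommended against CVE-2020-13817.
Added example; the weak and hardened fragments are constructed, and the
addresses, key ID 10 and 198.51.100.0/24 network are placeholders."""

# Constructed weak configuration: one unauthenticated IPv4 source, no keys,
# no restrict line. This is the setup the vulnerability requires.
WEAK_CONF = """\
server 192.0.2.10 iburst
"""

# Constructed hardened configuration: symmetric-key authentication on every
# source, three sources, and a (heavy-handed) noserve restriction.
HARDENED_CONF = """\
keys /etc/ntp/keys
trustedkey 10
server 192.0.2.10 key 10 iburst
server 192.0.2.11 key 10 iburst
server 192.0.2.12 key 10 iburst
# refuse to serve time to the untrusted network
restrict 198.51.100.0 mask 255.255.255.0 noserve
"""

MIN_SOURCES = 3  # assumption for this example; the advisory only says "multiple"


def audit_ntp_conf(conf):
    """Return a list of finding strings; an empty list means no issues found."""
    findings = []
    sources = []
    has_keys = False
    has_noserve = False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        directive = tokens[0]
        if directive in ("server", "peer") and len(tokens) > 1:
            addr = tokens[1]
            # `key <id>` on the association line enables symmetric-key auth
            authenticated = "key" in tokens[2:]
            sources.append((addr, authenticated))
            if not authenticated:
                findings.append("unauthenticated source: " + addr)
        elif directive == "keys":
            has_keys = True
        elif directive == "restrict" and "noserve" in tokens[1:]:
            has_noserve = True
    if not has_keys:
        findings.append("no 'keys' directive: symmetric-key authentication not configured")
    if len(sources) < MIN_SOURCES:
        findings.append("only %d time source(s) configured" % len(sources))
    if not has_noserve:
        findings.append("no 'restrict ... noserve' line (optional, heavy-handed control)")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":", audit_ntp_conf(conf) or ["ok"])
```

The noserve finding is reported even on an otherwise sound configuration because the advisory presents that restriction as a fallback for clients that must accept unauthenticated time; treat it as informational unless that is your situation.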
Reference: K55376430
support.f5.com/csp/article/K55376430
CVEs related to QID 376064
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| K55376430 | BIG-IP | APM, LTM, ASM | support.f5.com/csp/article/K55376430 |