Home

CVE-2020-11868

Description

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.301

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2020:2663) ntp security update ntp-4.2.6p5-29.el7_8.2.x86_64.rpmLinux
(RHSA-2020:2663) ntp security update ntp-doc-4.2.6p5-29.el7_8.2.noarch.rpmLinux
(RHSA-2020:2663) ntp security update ntp-perl-4.2.6p5-29.el7_8.2.noarch.rpmLinux
(RHSA-2020:2663) ntp security update ntpdate-4.2.6p5-29.el7_8.2.x86_64.rpmLinux
(RHSA-2020:2663) ntp security update sntp-4.2.6p5-29.el7_8.2.x86_64.rpmLinux
Ntp update (ELSA-2020-2663) ntp-4.2.6p5-29.0.1.el7_8.2.x86_64.rpmLinux
Ntpdate update (ELSA-2020-2663) ntpdate-4.2.6p5-29.0.1.el7_8.2.x86_64.rpmLinux
Sntp update (ELSA-2020-2663) sntp-4.2.6p5-29.0.1.el7_8.2.x86_64.rpmLinux
Ntp-doc update (ELSA-2020-2663) ntp-doc-4.2.6p5-29.0.1.el7_8.2.noarch.rpmLinux
Ntp-perl update (ELSA-2020-2663) ntp-perl-4.2.6p5-29.0.1.el7_8.2.noarch.rpmLinux
SUSE-SU-2020:1805-1(SUSE Linux Enterprise Server 12-SP5) ntp-4.2.8p15-88.1.x86_64.rpmLinux
SUSE-SU-2020:1805-1(SUSE Linux Enterprise Server 12-SP5) ntp-debuginfo-4.2.8p15-88.1.x86_64.rpmLinux
SUSE-SU-2020:1805-1(SUSE Linux Enterprise Server 12-SP5) ntp-debugsource-4.2.8p15-88.1.x86_64.rpmLinux
SUSE-SU-2020:1805-1(SUSE Linux Enterprise Server 12-SP5) ntp-doc-4.2.8p15-88.1.x86_64.rpmLinux
(RHSA-2020:2663)Moderate: security update ntp-debuginfo-4.2.6p5-29.el7_8.2.x86_64.rpmLinux
Origin Validation Error Vulnerability (CVE-2020-11868)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234