CVE-2020-13529

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
talosCNA
6.1 MEDIUM
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
netappactive_iq_unified_manager
-
netappcloud_backup
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
systemd
bullseye
unimportant
bullseye (security)
unimportant
bookworm
252.30-1~deb12u2
fixed
sid
256.7-3
fixed
trixie
256.7-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
systemd
noble
Fixed 248.3-1ubuntu3
released
mantic
Fixed 248.3-1ubuntu3
released
lunar
Fixed 248.3-1ubuntu3
released
kinetic
Fixed 248.3-1ubuntu3
released
jammy
Fixed 248.3-1ubuntu3
released
impish
Fixed 248.3-1ubuntu3
released
hirsute
Fixed 247.3-3ubuntu3.4
released
groovy
Fixed 246.6-1ubuntu1.7
released
focal
Fixed 245.4-4ubuntu3.10
released
bionic
Fixed 237-3ubuntu10.49
released
xenial
Fixed 229-4ubuntu21.31+esm1
released
trusty
needed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142