CVE-2020-13529
Public on 2021-05-10
Modified on 2024-01-12
Description
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | NetworkManager-1.18.8-1.amzn2.0.1 | Pending Fix | ||
| Amazon Linux 2023 | NetworkManager-1.30.6-1.amzn2022.0.2 | Not Affected | ||
| Amazon Linux 2 - Core | systemd | 2022-09-30 | ALAS2-2022-1854 | Fixed |
| Amazon Linux 2 - Core | systemd-219-78.amzn2.0.17 | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H |
| NVD | CVSSv3 | 6.1 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H |
| NVD | CVSSv2 | 2.9 | AV:A/AC:M/Au:N/C:N/I:N/A:P |