CVE-2020-13529

systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

Se presenta una vulnerabilidad de denegación de servicio explotable en Systemd 245. Un paquete DHCP FORCERENEW especialmente diseñado puede hacer que un servidor que ejecuta el cliente DHCP sea vulnerable a un ataque de suplantación de DHCP ACK. Un atacante puede falsificar un par de paquetes FORCERENEW y DCHP ACK para reconfigurar el servidor

An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHPACK packets to reconfigure the system with arbitrary network settings.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-05-26 CVE Reserved
2021-05-10 CVE Published
2024-01-24 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-290: Authentication Bypass by Spoofing
CWE-306: Missing Authentication for Critical Function

CAPEC

References (9)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2021/08/04/2	Mailing List
http://www.openwall.com/lists/oss-security/2021/08/17/3	Mailing List
http://www.openwall.com/lists/oss-security/2021/09/07/3	Mailing List
https://security.netapp.com/advisory/ntap-20210625-0005	Third Party Advisory

URL	Date	SRC
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI	2023-11-07
https://security.gentoo.org/glsa/202107-48	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-13529	2021-11-09
https://bugzilla.redhat.com/show_bug.cgi?id=1959397	2021-11-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Systemd Project Search vendor "Systemd Project"		Systemd Search vendor "Systemd Project" for product "Systemd"				245 Search vendor "Systemd Project" for product "Systemd" and version "245"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vsphere		Affected
Netapp Search vendor "Netapp"		Cloud Backup Search vendor "Netapp" for product "Cloud Backup"				-		-		Affected