CVE-2020-25705
kernel: ICMP rate limiting can be used for DNS poisoning attack
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
Se encontró un fallo en los paquetes ICMP en el kernel de Linux puede permitir a un atacante escanear rápidamente los puertos UDP abiertos. Este defecto permite a un atacante remoto fuera de la ruta eludir efectivamente la aleatorización del puerto de origen UDP. El software que depende de la aleatorización del puerto de origen UDP también se ve afectado indirectamente en los productos basados en Linux (RUGGEDCOM RM1224: Todas las versiones entre v5.0 y v6.4, SCALANCE M-800: Todas las versiones entre v5.0 y v6.4, SCALANCE S615: Todas las versiones entre v5.0 y v6.4, SCALANCE SC-600: Todas las versiones anteriores a la v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0 y v8.7.0, SIMATIC Cloud Connect 7: Todas las versiones, SIMATIC MV500 Family: Todas las versiones, SIMATIC NET CP 1243-1 (incluidas las variantes SIPLUS): Versiones 3.1.39 y posteriores, SIMATIC NET CP 1243-7 LTE EU: Versión
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-09-16 CVE Reserved
- 2020-11-14 First Exploit
- 2020-11-17 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-131-03 | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://github.com/tdwyer/CVE-2020-25705 | 2020-11-14 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2020-25705 | 2021-06-09 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1894579 | 2021-06-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.10.0 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||