{"containers": {"cna": {"affected": [{"product": "Systemd", "vendor": "n/a", "versions": [{"status": "affected", "version": "Canonical Ubuntu 20.04 LTS, Systemd 245"}]}], "descriptions": [{"lang": "en", "value": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-19T15:13:43", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"}, {"name": "GLSA-202107-48", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202107-48"}, {"name": "FEDORA-2021-166e461c8d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"}, {"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"}, {"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"}, {"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210625-0005/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2020-13529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Systemd", "version": {"version_data": [{"version_value": "Canonical Ubuntu 20.04 LTS, Systemd 245"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."}]}, "impact": {"cvss": {"baseScore": 6.1, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-290: Authentication Bypass by Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"}, {"name": "GLSA-202107-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-48"}, {"name": "FEDORA-2021-166e461c8d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"}, {"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"}, {"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"}, {"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"}, {"name": "https://security.netapp.com/advisory/ntap-20210625-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210625-0005/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:18:18.443Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"}, {"name": "GLSA-202107-48", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202107-48"}, {"name": "FEDORA-2021-166e461c8d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"}, {"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"}, {"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"}, {"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210625-0005/"}]}]}, "cveMetadata": {"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2020-13529", "datePublished": "2021-05-10T15:08:34", "dateReserved": "2020-05-26T00:00:00", "dateUpdated": "2024-08-04T12:18:18.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:systemd_project:systemd:245:-:*:*:*:*:*:*", "matchCriteriaId": "1E07E1BF-F8B6-4BA0-9DEE-6619C666CB94", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio explotable en Systemd 245. Un paquete DHCP FORCERENEW especialmente dise\u00f1ado puede hacer que un servidor que ejecuta el cliente DHCP sea vulnerable a un ataque de suplantaci\u00f3n de DHCP ACK. Un atacante puede falsificar un par de paquetes FORCERENEW y DCHP ACK para reconfigurar el servidor"}], "id": "CVE-2020-13529", "lastModified": "2023-11-07T03:16:42.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-10T16:15:07.373", "references": [{"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"}, {"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"}, {"source": "talos-cna@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"}, {"source": "talos-cna@cisco.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-48"}, {"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210625-0005/"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4361", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "NetworkManager-1:1.32.10-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4361", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "NetworkManager-1:1.32.10-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured", "id": "1959397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959397"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-306", "details": ["An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "An exploitable denial of service vulnerability exists in systemd which does not fully implement RFC3203, as it does not support authentication of FORCERENEW packets. A specially crafted DHCP FORCERENEW packet can cause a system, running the DHCP client, to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHPACK packets to reconfigure the system with arbitrary network settings."], "mitigation": {"lang": "en:us", "value": "There is no available mitigation for this issue."}, "name": "CVE-2020-13529", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "NetworkManager", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "systemd", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-13529\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13529"], "statement": "This issue did not affect the versions of systemd as shipped with Red Hat Enterprise Linux 8 as they did not include systemd-networkd service.\nNetworkManager embeds some pieces of systemd code base, including the DHCP client code. For this reason NetworkManager is marked as affected.\nBy default only the versions of NetworkManager as shipped in Red Hat Enterprise Linux 8.0 and 8.1 are affected, as in those versions NetworkManager uses main.dhcp=internal setting (see networkmanager.conf(5)) by default, which relies on systemd DHCP client. On newer Red Hat Enterprise Linux 8 versions NetworkManager uses a different DHCP client by default, which is not affected by this flaw. On Red Hat Enterprise Linux 7 NetworkManager uses main.dhcp=dhclient by default, which is not affected by this flaw either, however users who have explicitly configured main.dhcp=internal would be affected, as the systemd DHCP client would be used in that case.", "threat_severity": "Moderate"}