FortiClient VulnerabilityNetworkTimeFoundation NTP CVE-2020-13817 Weak Encryption Vulnerability
Description
A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. The attacker must be able to send and the victim must be able to receive and process a large number of packets with the spoofed IPv4 address of the upstream server. After 8 or more successful attacks in a row, the attacker can either modify the victim's clock by a limited amount or cause ntpd to exit. This attack is most effective in cases where an unusually short poll interval is expressly configured on the victim's ntpd.
Affected Applications
NTP
CVE References
CVE-2020-13817Other References
http://support.ntp.org/bin/view/Main/NtpBug3596| ID | 68931 |
| Created | Sep 04, 2021 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Linux |
| Vendor | NetworkTimeFoundation |
| Patch | manual |
| Application | NTP |