Moxa CVE-2020-11868: NTP Vulnerability in Ethernet Switches
This security advisory addresses a vulnerability identified in Ethernet switches.

CVE-2020-11868

The Network Time Protocol daemon (ntpd) in the Network Time Protocol (NTP) before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. (Source: cve.org)

Since this issue is considered high severity, users should immediately apply the solutions to mitigate associated security risks.

The Identified Vulnerability Type and Potential Impact

| CVE ID | Vulnerability Type | Impact |
| --- | --- | --- |
| CVE-2020-11868 | CWE-346: Origin Validation Error | An off-path attacker may block unauthenticated synchronization via a server mode packet with a spoofed source IP address |

Vulnerability Scoring Details

| CVE ID | Base Score | Vector | Severity | Unauthenticated Remote Exploits |
| --- | --- | --- | --- | --- |
| CVE-2020-11868 | CVSS 3.1: 7.5 | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | High | Yes |
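A passive check for the condition this CVE describes, given as an added example that is not part of the advisory or of ntpd: it pairs each server-mode (mode 4) reply in a capture with the client request it answers and flags replies whose origin timestamp does not match that request's transmit timestamp. The function names, addresses and timestamps are constructed for illustration.

```python
import struct

NTP_HEADER = struct.Struct("!BBbb3I4Q")  # fixed 48-byte NTP header
MODE_CLIENT, MODE_SERVER = 3, 4

def parse_ntp(payload):
    """Return (mode, origin_ts, transmit_ts) from a raw NTP UDP payload."""
    if len(payload) < NTP_HEADER.size:
        raise ValueError("short NTP packet")
    f = NTP_HEADER.unpack_from(payload)
    return f[0] & 0x07, f[8], f[10]

def build(mode, origin=0, transmit=0):
    """Build a minimal NTPv4 header (constructed sample data only)."""
    return NTP_HEADER.pack((4 << 3) | mode, 2, 6, -20, 0, 0, 0, 0, origin, 0, transmit)

def find_unmatched_replies(packets):
    """packets: iterable of (src_ip, dst_ip, payload) in capture order.
    Returns (index, src, dst, origin) for each server-mode reply whose origin
    timestamp is not the transmit timestamp of an outstanding request."""
    pending = {}  # (client, server) -> transmit timestamp awaiting a reply
    flagged = []
    for idx, (src, dst, payload) in enumerate(packets):
        mode, origin, transmit = parse_ntp(payload)
        if mode == MODE_CLIENT:
            pending[(src, dst)] = transmit
        elif mode == MODE_SERVER:
            if pending.get((dst, src)) != origin:
                flagged.append((idx, src, dst, origin))  # leave pending untouched
            else:
                del pending[(dst, src)]  # request answered
    return flagged

# Constructed capture using documentation addresses (RFC 5737).
CLIENT, SERVER = "192.0.2.10", "192.0.2.123"
T1 = 0xE2A1B3C400000001  # client's transmit timestamp
SAMPLE = [
    (CLIENT, SERVER, build(MODE_CLIENT, transmit=T1)),
    (SERVER, CLIENT, build(MODE_SERVER, origin=0, transmit=0xE2A1B3C500000000)),
    (SERVER, CLIENT, build(MODE_SERVER, origin=T1, transmit=0xE2A1B3C500000002)),
    (SERVER, CLIENT, build(MODE_SERVER, origin=T1, transmit=0xE2A1B3C500000003)),
]

if __name__ == "__main__":
    for idx, src, dst, origin in find_unmatched_replies(SAMPLE):
        print(f"packet {idx}: {src} -> {dst} origin {origin:#018x} matches no request")
```

Because a mismatched reply leaves the pending request untouched, the genuine reply that follows it is still accepted; only the replies with no matching request are reported.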