CVE-2020-13529

Public on 2021-05-10

Modified on 2024-01-12

Description

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.

Severity

Medium

See what this means

CVSS v3 Base Score

6.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 2 - Core	systemd	2022-09-30 07:04	ALAS2-2022-1854

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	6.1	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
NVD	CVSSv3	6.1	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
NVD	CVSSv2	2.9	AV:A/AC:M/Au:N/C:N/I:N/A:P

References

Red Hat: CVE-2020-13529 Mitre: CVE-2020-13529 FAQs regarding Amazon Linux ALAS/CVE Severity