Denial-of-Service Vulnerability in Systemd by Red Hat
CVE-2020-13529

6.1 MEDIUM

Key Information:

CVE Published: 10 May 2021

What is CVE-2020-13529?

An exploitable denial-of-service vulnerability exists in Systemd 245. By sending a specially crafted DHCP FORCERENEW packet, an attacker can exploit the DHCP client functionality on a server. This allows for a DHCP ACK spoofing attack, where the attacker can forge packets to deceive the server and potentially reconfigure its settings. Such an attack can lead to a disruption of network services and should be addressed promptly to secure the affected systems.
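For monitoring, the FORCERENEW message described above can be picked out of captured DHCP traffic by its message type (9, RFC 3203) and checked for the RFC 3118 authentication option that RFC 3203 requires. The following is an added example, not code from systemd or from this advisory; the function names and the sample payloads are constructed for illustration, and it assumes the UDP payload has already been extracted from the capture.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE = 53                    # DHCP message type option (RFC 2132)
OPT_AUTH = 90                        # authentication option (RFC 3118)
DHCPFORCERENEW = 9                   # message type value (RFC 3203)
BOOTREPLY = 2                        # op field for server-to-client messages

def parse_options(payload):
    """Return {code: value} for the options field of a BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts.setdefault(code, value)  # keep the first occurrence of each option
        i += 2 + length
    return opts

def classify(payload):
    """Label a payload; only checks that option 90 is present, not that it verifies."""
    try:
        opts = parse_options(payload)
    except ValueError:
        return "malformed"
    if payload[0] != BOOTREPLY or opts.get(OPT_MSG_TYPE) != bytes([DHCPFORCERENEW]):
        return "other"
    return "forcerenew-with-auth-option" if OPT_AUTH in opts else "forcerenew-no-auth-option"

def build_sample(msg_type, with_auth=False):
    """Constructed sample: zeroed BOOTP header plus a minimal options field."""
    hdr = bytes([BOOTREPLY, 1, 6, 0]) + bytes(232)   # 236-byte fixed header
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if with_auth:
        opts += bytes([OPT_AUTH, 11]) + bytes(11)    # placeholder option body
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])
```

A FORCERENEW from an address that is not a known DHCP server, or one without option 90, is worth alerting on in networks where the feature is not deliberately in use.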

Affected Version(s)

Systemd Canonical Ubuntu 20.04 LTS, Systemd 245

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

CVSS V3.0

Score: 6.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
