First published: Mon May 10 2021
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Systemd Project Systemd | =245 | |
Fedoraproject Fedora | =33 | |
Netapp Active Iq Unified Manager Vsphere | | |
Netapp Cloud Backup | | |
CVE-2020-13529 is a denial-of-service vulnerability in Systemd 245 that allows an attacker to cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack.
CVE-2020-13529 works by sending a specially crafted DHCP FORCERENEW packet: the attacker forges a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.
The affected software versions include Systemd 245, Fedoraproject Fedora 33, Netapp Active Iq Unified Manager, and Netapp Cloud Backup.
CVE-2020-13529 has a severity rating of 6.1 (Medium).
Yes, a fix for CVE-2020-13529 is available. It is recommended to update to the latest version of the affected software.
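For monitoring hosts that have not yet been updated, the following added example (not part of the original advisory or of systemd) flags DHCP FORCERENEW messages in captured UDP payloads and reports whether they carry an authentication option. Message type 9 (RFC 3203) and option 90 (RFC 3118) come from the DHCP RFCs; the function names and the sample messages are constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"
FIXED_HEADER_LEN = 236      # BOOTP fields that precede the magic cookie
OPT_PAD, OPT_END = 0, 255
OPT_MESSAGE_TYPE = 53
OPT_AUTHENTICATION = 90     # RFC 3118
DHCPFORCERENEW = 9          # RFC 3203


def parse_options(payload: bytes) -> dict:
    """Return {option code: value bytes} for one DHCP message (UDP payload)."""
    if payload[FIXED_HEADER_LEN:FIXED_HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, FIXED_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options.setdefault(code, value)  # first occurrence wins; overload (52) not followed
        i += 2 + length
    return options


def classify(payload: bytes) -> str:
    """Label a message; presence of option 90 is reported, not validated."""
    opts = parse_options(payload)
    if opts.get(OPT_MESSAGE_TYPE) != bytes([DHCPFORCERENEW]):
        return "other"
    if OPT_AUTHENTICATION in opts:
        return "forcerenew-authenticated"
    return "forcerenew-unauthenticated"


def build_sample(msg_type: int, extra: bytes = b"") -> bytes:
    """Constructed test message: op=2 (reply), Ethernet, otherwise zeroed header."""
    header = bytes([2, 1, 6, 0]) + bytes(FIXED_HEADER_LEN - 4)
    return header + MAGIC_COOKIE + bytes([OPT_MESSAGE_TYPE, 1, msg_type]) + extra + bytes([OPT_END])
```

A FORCERENEW labelled `forcerenew-unauthenticated` on a network that does not use DHCP reconfiguration is worth alerting on; the label only reflects whether option 90 is present, not whether its contents verify.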