CVE-2020-25705
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux-based products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version
EPSS 1.01% · 77.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-azure-fips | 5.4.0-1022.22+fips1, 0 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:18.04:LTS | linux-dell300x | 4.15.0-1006.10, 4.15.0-1005.8, 4.15.0-1007.11 |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-36.41, 5.4.0-34.38, 5.4.0-33.37 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-fips | 4.15.0-1035.40, 4.15.0-1034.39, 4.15.0-1027.32 |
| Ubuntu:Pro:FIPS:16.04:LTS | linux-fips | 4.4.0-1008.10, 4.4.0-1005.5, 4.4.0-1006.6 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1034.36, 4.15.0-1033.35, 4.15.0-1032.34 |
| Ubuntu:18.04:LTS | linux-gke-4.15 | 4.15.0-1049.52, 4.15.0-1046.49, 4.15.0-1044.46 |
| Ubuntu:18.04:LTS | linux-gcp-5.3 | 0, *, 5.3.0-1032.34~18.04.1 |
| Ubuntu:18.04:LTS | linux | 4.15.0-47.50, 4.15.0-121.123, 4.15.0-38.41 |
| Ubuntu:20.04:LTS | linux-oem-5.6 | 5.6.0-1026.26, 0, 5.6.0-1007.7 |
| Ubuntu:16.04:LTS | linux-hwe | 4.13.0-38.43~16.04.1, *, * |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:16.04:LTS | linux-aws | 4.4.0-1009.18, 4.4.0-1041.50, 4.4.0-1038.47 |
| Ubuntu:18.04:LTS | linux-raspi2 | 4.15.0-1026.28, 0, 4.13.0-1006.6 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 4.18.0-1006.7~18.04.1, 4.18.0-1007.8~18.04.1, 4.18.0-1012.13~18.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1022.22, 4.4.0-1023.23, 4.4.0-1024.25 |
| Ubuntu:18.04:LTS | linux-gcp-4.15 | 4.15.0-1084.95, 4.15.0-1083.94, 4.15.0-1081.92 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1038.43, 4.15.0-1069.79, 4.15.0-1091.101 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 0, 5.0.0-1021.24~18.04.1, 5.0.0-1022.25~18.04.1 |
…and 53 more
Exploit Intelligence
- nanopathi/linux-4.19.72_CVE-2020-25705 (github-poc)
- PoC for CVE-2020-25705 POC-2020-25705 (github-poc)
…and 6 more exploits
Timeline
- Nov 14, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- May 12, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Dec 22, 2022 CVE Updated
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-25705 third-party-advisory
- https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5 third-party-advisory
- https://www.saddns.net/ third-party-advisory
- https://ubuntu.com/security/notices/USN-4657-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4658-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4659-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4680-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-25705 third-party-advisory
- Multiple vulnerabilities in Juniper products advisory