Vulnerability Details CVE-2015-8140
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.326
EPSS Ranking 96.6%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 5.8
References
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://support.ntp.org/bin/view/Main/NtpBug2947
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
- http://www.securitytracker.com/id/1034782
- https://bto.bluecoat.com/security-advisory/sa113
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20200204-0003/
- https://www.kb.cert.org/vuls/id/718152
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
- http://support.ntp.org/bin/view/Main/NtpBug2947
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
- http://www.securitytracker.com/id/1034782
- https://bto.bluecoat.com/security-advisory/sa113
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
- https://security.gentoo.org/glsa/201607-15
- https://security.netapp.com/advisory/ntap-20200204-0003/
- https://www.kb.cert.org/vuls/id/718152