CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1547

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 82.9%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://www.debian.org/security/2016/dsa-3629
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/88276
http://www.securitytracker.com/id/1035705
http://www.talosintelligence.com/reports/TALOS-2016-0081/
https://access.redhat.com/errata/RHSA-2016:1141
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0002/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://www.debian.org/security/2016/dsa-3629
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.securityfocus.com/bid/88276
http://www.securitytracker.com/id/1035705
http://www.talosintelligence.com/reports/TALOS-2016-0081/
https://access.redhat.com/errata/RHSA-2016:1141
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0002/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19

Products affected by CVE-2016-1547

Ntp » Ntp » Version: 4.2.2

cpe:2.3:a:ntp:ntp:4.2.2
Ntp » Ntp » Version: 4.2.4

cpe:2.3:a:ntp:ntp:4.2.4
Ntp » Ntp » Version: 4.2.6

cpe:2.3:a:ntp:ntp:4.2.6
Ntp » Ntp » Version: 4.2.7

cpe:2.3:a:ntp:ntp:4.2.7
Ntp » Ntp » Version: 4.2.8

cpe:2.3:a:ntp:ntp:4.2.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1547

Products

Pricing

Contact Us