Vulnerability Details CVE-2018-8956
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
- http://www.ntp.org/
- https://arxiv.org/abs/2005.01783
- https://nikhiltripathi.in/NTP_attack.pdf
- https://security.netapp.com/advisory/ntap-20200518-0006/
- https://tools.ietf.org/html/rfc5905
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00044.html
- http://www.ntp.org/
- https://arxiv.org/abs/2005.01783
- https://nikhiltripathi.in/NTP_attack.pdf
- https://security.netapp.com/advisory/ntap-20200518-0006/
- https://tools.ietf.org/html/rfc5905