Security Vulnerabilities - CVEs Published In January 2017
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
CVSS Score
5.3
EPSS Score
0.061
Published
2017-01-30
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.179
Published
2017-01-30
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVSS Score
4.8
EPSS Score
0.235
Published
2017-01-30
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
CVSS Score
5.9
EPSS Score
0.179
Published
2017-01-30
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-01-30
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
CVSS Score
4.9
EPSS Score
0.004
Published
2017-01-30
CVE-2016-10174
The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_lang_avi parameter when invoking the URL /apply.cgi?/lang_check.html. This buffer overflow can be exploited by an unauthenticated attacker to achieve remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.918
Published
2017-01-30
The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions.
CVSS Score
9.8
EPSS Score
0.816
Published
2017-01-30
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.
CVSS Score
9.8
EPSS Score
0.866
Published
2017-01-30
An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234.
CVSS Score
9.8
EPSS Score
0.201
Published
2017-01-30