Shodan
Vulnerabilities
Vulnerable Software
Ntp:  >> Ntp  >> 4.2.4  Security Vulnerabilities
CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
CVSS Score
7.5
EPSS Score
0.225
Published
2017-01-30
CVE-2015-8138
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
CVSS Score
5.3
EPSS Score
0.098
Published
2017-01-30
CVE-2015-8139
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVSS Score
5.3
EPSS Score
0.257
Published
2017-01-30
CVE-2015-8140
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVSS Score
4.8
EPSS Score
0.326
Published
2017-01-30
CVE-2015-8158
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
CVSS Score
5.9
EPSS Score
0.22
Published
2017-01-30
CVE-2016-7429
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.
CVSS Score
3.7
EPSS Score
0.285
Published
2017-01-13
CVE-2016-7433
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."
CVSS Score
5.3
EPSS Score
0.283
Published
2017-01-13
CVE-2016-9310
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.
CVSS Score
6.5
EPSS Score
0.087
Published
2017-01-13
CVE-2016-9311
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
CVSS Score
5.9
EPSS Score
0.194
Published
2017-01-13
CVE-2016-9312
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
CVSS Score
7.5
EPSS Score
0.058
Published
2017-01-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved