Metric | Value |
---|---|
CVSS2 | 1.8 Low |
Access Vector | ADJACENT_NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:A/AC:H/Au:N/C:N/I:P/A:N |
EPSS | 0.008 Low |
EPSS Percentile | 81.4% |

A vulnerability in the Network Time Protocol (NTP) daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system.
The vulnerability is due to incorrect validation of the message authentication code (MAC) field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without knowing the NTP symmetric key.
NTP.org has released a security notice and software updates to address the vulnerability.
To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted packets to the affected system. This access requirement limits the likelihood of a successful exploit.
The vulnerability is exploitable only on an application that is configured with the symmetric key authentication mechanism. Authentication using autokey is not affected.
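
To check whether a host falls into the affected configuration described above, the following added example (not code from the advisory or from NTP.org) reads `ntp.conf` text and reports symmetric-key and autokey use. The sample configurations, hostnames, paths and key IDs are constructed, and the `symmetric_key_auth` flag is a triage heuristic assumed here, not an official test.

```python
# Added example: triage ntp.conf text for symmetric-key authentication.
ASSOCIATIONS = {"server", "peer", "pool", "broadcast", "manycastclient"}

# Constructed sample configurations (hostnames, paths and key IDs are made up).
SAMPLE_SYMMETRIC = """\
keys /etc/ntp/keys          # symmetric key file
trustedkey 1 7
server ntp1.example.net key 1 iburst
peer 192.0.2.10 key 9       # key 9 is not listed in trustedkey
server ntp2.example.net
"""
SAMPLE_AUTOKEY = """\
crypto
server ntp1.example.net autokey
"""

def symmetric_key_exposure(conf_text):
    """Summarise symmetric-key and autokey use found in ntp.conf text."""
    keys_file, trusted, keyed, autokey = None, set(), [], []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenise
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive == "keys" and args:
            keys_file = args[0]
        elif directive == "trustedkey":
            # Plain numeric IDs only; range syntax is not handled here.
            trusted.update(int(a) for a in args if a.isdigit())
        elif directive in ASSOCIATIONS and args:
            address, opts = args[0], args[1:]
            if "autokey" in opts:
                autokey.append(address)
            for i, opt in enumerate(opts[:-1]):
                if opt == "key" and opts[i + 1].isdigit():
                    keyed.append((address, int(opts[i + 1])))
    return {
        "keys_file": keys_file,
        "trusted_keys": sorted(trusted),
        "keyed_associations": keyed,
        "untrusted_key_refs": [(a, k) for a, k in keyed if k not in trusted],
        "autokey_associations": autokey,
        # Heuristic (assumption): symmetric auth is in play when a key file
        # is loaded and at least one key is trusted or referenced.
        "symmetric_key_auth": keys_file is not None and bool(trusted or keyed),
    }

if __name__ == "__main__":
    for name, text in (("symmetric", SAMPLE_SYMMETRIC), ("autokey", SAMPLE_AUTOKEY)):
        print(name, symmetric_key_exposure(text))
```

A host flagged with `symmetric_key_auth` still needs its installed NTP version compared against the fixed release named in the NTP.org notice.
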

CPE

Name | Operator | Version |
---|---|---|
cisco unified computing system central software | eq | any |