CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | ADJACENT_NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:A/AC:M/Au:N/C:N/I:P/A:P |

EPSS: 0.008 Low (Percentile: 81.4%)

A vulnerability in ntpd could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.
The vulnerability is due to improper processing of Network Time Protocol (NTP) packets when handling symmetric key authentication failures. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack to periodically transmit crafted NTP packets with set NTP state variables. An exploit could allow the attacker to disrupt communication between NTP hosts, preventing synchronization and leading to a DoS condition for legitimate users.
NTP.org has confirmed this vulnerability in a security advisory and released software updates.
To exploit this vulnerability, an attacker may require access to trusted, internal networks to send crafted requests to the affected software. This access requirement could limit the likelihood of a successful exploit.
An attacker may attempt to perform a man-in-the-middle attack to send crafted packets to the targeted device in an attempt to exploit this vulnerability.
Reports indicate that systems that are configured to use the symmetric key authentication mechanism are affected.
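
A host-side check for the affected configuration named above, as an added example that is not part of the original advisory: it parses an `ntp.conf` body and lists the associations that use symmetric key authentication. The function name `audit_ntp_conf` and the sample configuration are constructed for illustration, and `trustedkey` ranges are not handled.

```python
# Commands in ntp.conf that create an association with a remote host.
ASSOCIATION_CMDS = {"server", "peer", "pool", "broadcast", "manycastclient"}

# Constructed sample configuration (documentation addresses, not real hosts).
SAMPLE_CONF = """\
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
trustedkey 1 7
server 192.0.2.10 iburst key 1
peer -4 192.0.2.20 key 7 minpoll 6
server 192.0.2.30 iburst        # no key: unauthenticated association
server 192.0.2.40 key 9         # key 9 is not listed in trustedkey
"""


def audit_ntp_conf(conf_text):
    """Report symmetric key usage found in an ntp.conf body.

    Returns a dict with the keys file path, the set of trusted key IDs and
    a list of (command, address, key_id, key_is_trusted) tuples, one per
    association that carries a 'key N' option.
    """
    keys_file, trusted, keyed = None, set(), []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        cmd, args = tokens[0].lower(), tokens[1:]
        if cmd == "keys" and args:
            keys_file = args[0]
        elif cmd == "trustedkey":
            trusted.update(int(a) for a in args if a.isdigit())
        elif cmd in ASSOCIATION_CMDS:
            # The address is the first argument that is not a -4/-6 flag.
            addr = next((a for a in args if not a.startswith("-")), None)
            for opt, val in zip(args, args[1:]):
                if opt.lower() == "key" and val.isdigit() and int(val) > 0:
                    keyed.append((cmd, addr, int(val)))
    # Resolve trust after the full pass so directive order does not matter.
    return {
        "keys_file": keys_file,
        "trusted": trusted,
        "associations": [(c, a, k, k in trusted) for c, a, k in keyed],
    }


if __name__ == "__main__":
    for assoc in audit_ntp_conf(SAMPLE_CONF)["associations"]:
        print("symmetric key association:", assoc)
```

A non-empty `associations` list means the host uses symmetric key authentication and should be prioritized for the vendor's software update.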

CPE Name | Operator | Version |
---|---|---|
cisco unified computing system central software | eq | any |
cisco unified computing system central software | eq | any |