Lucene search

K
cve
Cve@mitre.orgCVE-2014-9293
HistoryDec 20, 2014 - 2:59 a.m.

CVE-2014-9293

2014-12-2002:59:00
NVD-CWE-Other
cve@mitre.org
web.nvd.nist.gov
159
ntp
config_auth
key generation
cryptographic protection
ntp vulnerability
cve-2014-9293
nvd

5.5 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.1%

The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.

CPENameOperatorVersion
ntp:ntpntple4.2.7

References

How to protect your server from attacks?

5.5 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.1%

Related for CVE-2014-9293