CVE-2015-8138
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.2 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.8%
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
References
lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html
lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
rhn.redhat.com/errata/RHSA-2016-0063.html
support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
www.debian.org/security/2016/dsa-3629
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/81811
www.securitytracker.com/id/1034782
www.ubuntu.com/usn/USN-3096-1
bto.bluecoat.com/security-advisory/sa113
cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
security.gentoo.org/glsa/201607-15
security.netapp.com/advisory/ntap-20171004-0002/
security.netapp.com/advisory/ntap-20171031-0001/
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
us-cert.cisa.gov/ics/advisories/icsa-21-103-11
www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
www.kb.cert.org/vuls/id/718152
Social References
More
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
6.2 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
71.8%