Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2018-7170

🗓️ 06 Mar 2018 20:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 192 Views

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists due to an incomplete fix for CVE-2016-1549

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Vulnerabilities in NTP, OpenSSL and Intel CPU's affect IBM Netezza Firmware Diagnostics.
18 Oct 201903:10
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in NTPv4 affect AIX (CVE-2018-12327, CVE-2018-7170)
14 Dec 201818:25
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in NTP affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru
7 Dec 202322:31
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities in NTP affect AIX
14 Aug 201821:30
ibm
FreeBSD		ntp -- multiple vulnerabilities
27 Feb 201800:00
freebsd
Tenable Nessus		Amazon Linux 2 : ntp (ALAS-2018-1009)
11 May 201800:00
nessus
Tenable Nessus		Amazon Linux AMI : ntp (ALAS-2018-1009)
11 May 201800:00
nessus
Tenable Nessus		Amazon Linux AMI : ntp (ALAS-2018-1083)
20 Sep 201800:00
nessus
Tenable Nessus		F5 Networks BIG-IP : NTP vulnerability (K82570157)
3 Nov 202300:00
nessus
Tenable Nessus		Fedora 28 : ntp (2018-e585e25b72)
3 Jan 201900:00
nessus
Rows per page
NVD
Node
ntpntpRange4.2.04.2.8
OR
ntpntpRange4.3.04.3.92
OR
ntpntpMatch4.2.8-
OR
ntpntpMatch4.2.8p1
OR
ntpntpMatch4.2.8p1-beta1
OR
ntpntpMatch4.2.8p1-beta2
OR
ntpntpMatch4.2.8p1-beta3
OR
ntpntpMatch4.2.8p1-beta4
OR
ntpntpMatch4.2.8p1-beta5
OR
ntpntpMatch4.2.8p1-rc1
OR
ntpntpMatch4.2.8p1-rc2
OR
ntpntpMatch4.2.8p2
OR
ntpntpMatch4.2.8p2-rc1
OR
ntpntpMatch4.2.8p2-rc2
OR
ntpntpMatch4.2.8p2-rc3
OR
ntpntpMatch4.2.8p3
OR
ntpntpMatch4.2.8p3-rc1
OR
ntpntpMatch4.2.8p3-rc2
OR
ntpntpMatch4.2.8p3-rc3
OR
ntpntpMatch4.2.8p4
OR
ntpntpMatch4.2.8p5
OR
ntpntpMatch4.2.8p6
Node
synologyrouter_managerRange1.11.1.6-6931-3
OR
synologyskynasRange<6.1.5-15254
OR
synologyvirtual_diskstation_managerRange<6.1.6-15266
OR
synologydiskstation_managerRange5.26.1.6-15266
Node
synologyvs960hd_firmwareRange<2.2.3-1505
AND
synologyvs960hdMatch-
Node
netapphciMatch-
OR
netappsolidfireMatch-
Node
hpehpux-ntpRange<c.4.2.8.4.0

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Jan 2025 19:29Current
6.3Medium risk
Vulners AI Score6.3
CVSS 23.5
CVSS 3.15.3
EPSS0.00536
cve-2018-7170ntpdntpsecurity vulnerabilitysybil attackclock modificationnvd
192