K09940637 : NTP vulnerability CVE-2019-11331

2019-07-2300:00:00

my.f5.com

8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.5%

JSON

Security Advisory Description

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. (CVE-2019-11331)

Impact

Using an off-path attack (not a man-in-the-middle attack), a remote attacker may more easily exploit unpatched NTP vulnerabilities, which could potentially allow an an attacker to access resources, modify files, or cause a denial of service (DoS) attack.

This vulnerability is inherent in RFC 5905, and thus F5 cannot affect a fix without breaking compatibility. IETF has drafted a port randomization RFC for future publication and adoption. For further information, refer see the Supplemental Information section in this article.

CPENameOperatorVersion
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-iq centralized managementeq7.0.0
big-iq centralized managementeq7.1.0
big-iq centralized managementeq8.0.0

Name	Operator	Version
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-iq centralized management	eq	7.0.0
big-iq centralized management	eq	7.1.0
big-iq centralized management	eq	8.0.0

Rows per page:

1-10 of 2991