Lucene search

K
f5F5F5:K24613253
HistoryMay 25, 2016 - 12:00 a.m.

K24613253 : NTP vulnerability CVE-2016-2516

2016-05-2500:00:00
my.f5.com
21

AI Score

5.9

Confidence

High

EPSS

0.018

Percentile

88.2%

Security Advisory Description

NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. (CVE-2016-2516)
Impact
An attacker may be able to compromise the controlkey ID or requestkey ID used to authenticate with an NTP server that has been configured to use a non-default custom NTP configuration with remote configuration enabled.
Note: Remote configuration of NTP is not enabled by default or in any supported BIG-IP, Enterprise Manager, or BIG-IQ configuration.