NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. (CVE-2016-2516)
Impact
An attacker may be able to compromise the controlkey ID or requestkey ID used to authenticate with an NTP server that has been configured to use a non-default custom NTP configuration with remote configuration enabled.
Note: Remote configuration of NTP is not enabled by default or in any supported BIG-IP, Enterprise Manager, or BIG-IQ configuration.