Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K80996302
HistoryDec 16, 2016 - 12:00 a.m.

K80996302 : Multiple NTP vulnerabilities

2016-12-1600:00:00
my.f5.com
36

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.705 High

EPSS

Percentile

97.8%

JSON

Security Advisory Description

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet.

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a “root distance that did not include the peer dispersion.”

ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
Impact
There is no impact; F5 products are not affected by this vulnerability.

Related

ibm 29
cisco 1
nessus 54
slackware 1
cert 1
symantec 1
freebsd 2
openvas 34
archlinux 1
huawei 1
redhatcve 6
cve 7
prion 7
ubuntucve 8
debiancve 7
freebsd_advisory 1
talos 6
seebug 4
aix 1
checkpoint_advisories 1
ubuntu 2
cloudfoundry 1
fedora 4
oraclelinux 6
centos 2
veracode 2
amazon 3
redhat 2
f5 2
ics 1
mageia 1
ibm
ibm
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module (CMM)
2019-01-31 02:25:02
Security Bulletin: Vulnerabilities in NTP affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems
2023-04-14 14:32:25
cisco
cisco
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
2016-11-23 16:00:00
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : ntp (SSA:2016-326-01)
2016-11-22 00:00:00
FreeBSD : ntp -- multiple vulnerabilities (8db8d62a-b08b-11e6-8eba-d050996490d0)
2016-11-23 00:00:00
Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p9 Multiple Vulnerabilities
2016-12-06 00:00:00
slackware
slackware
[slackware-security] ntp
2016-11-21 19:25:10
cert
cert
NTP.org ntpd contains multiple denial of service vulnerabilities
2016-11-21 00:00:00
symantec
symantec
SA139 : November 2016 NTP Security Vulnerabilities
2017-01-12 08:00:00
freebsd
freebsd
ntp -- multiple vulnerabilities
2016-11-21 00:00:00
FreeBSD -- Multiple vulnerabilities of ntp
2016-12-22 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-326-01)
2022-04-21 00:00:00
NTP.org 'ntpd' 4.0.90 - 4.2.8p8, 4.3.0 - 4.3.93 Multiple Vulnerabilities (Nov 2016)
2016-06-03 00:00:00
Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2020-1611)
2020-06-03 00:00:00
archlinux
archlinux
[ASA-201611-28] ntp: multiple issues
2016-11-26 00:00:00
huawei
huawei
Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products
2017-11-29 00:00:00
redhatcve
redhatcve
CVE-2016-7431
2016-11-22 10:47:56
CVE-2016-9312
2017-01-04 08:47:26
CVE-2016-7428
2016-11-22 10:48:02
cve
cve
CVE-2016-7431
2017-01-13 16:59:00
CVE-2016-7428
2017-01-13 16:59:00
CVE-2016-9312
2017-01-13 16:59:00
prion
prion
Design/Logic Flaw
2017-01-13 16:59:00
Code injection
2017-01-13 16:59:00
Code injection
2017-01-13 16:59:00
ubuntucve
ubuntucve
CVE-2016-7431
2017-01-13 00:00:00
CVE-2016-9312
2017-01-13 00:00:00
CVE-2016-7429
2017-01-13 00:00:00
debiancve
debiancve
CVE-2016-7431
2017-01-13 16:59:00
CVE-2016-9312
2017-01-13 16:59:00
CVE-2016-7428
2017-01-13 16:59:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:39.ntp
2016-12-22 00:00:00
talos
talos
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
2017-03-29 00:00:00
Network Time Protocol Origin Timestamp Check Impersonation Vulnerability
2016-01-19 00:00:00
Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability
2016-11-21 00:00:00
seebug
seebug
Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability(CVE-2016-9042)
2017-09-20 00:00:00
Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability(CVE-2016-7428)
2017-10-11 00:00:00
Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability(CVE-2016-7427)
2017-10-11 00:00:00
aix
aix
There are multiple vulnerabilities in NTPv3 and NTPv4 that impact AIX.
2017-02-13 15:32:47
checkpoint_advisories
checkpoint_advisories
Network Time Protocol Windows Daemon getEndptFromIoCtx Denial of Service (CVE-2016-9312)
2017-01-10 00:00:00
ubuntu
ubuntu
NTP vulnerabilities
2017-07-05 00:00:00
NTP vulnerabilities
2019-01-23 00:00:00
cloudfoundry
cloudfoundry
USN-3349-1: NTP vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ntp-4.2.6p5-43.fc23
2016-12-08 03:20:50
[SECURITY] Fedora 25 Update: ntp-4.2.6p5-43.fc25
2016-12-08 03:53:53
[SECURITY] Fedora 24 Update: ntp-4.2.6p5-43.fc24
2016-12-07 20:21:32
oraclelinux
oraclelinux
ntp security update
2017-02-06 00:00:00
ntp security update
2016-01-25 00:00:00
ntp security, bug fix, and enhancement update
2019-08-13 00:00:00
centos
centos
ntp, ntpdate, sntp security update
2017-02-06 11:25:17
ntp, ntpdate, sntp security update
2016-01-25 14:27:37
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:30:44
Validation Bypass
2019-01-15 09:09:42
amazon
amazon
Medium: ntp
2017-01-04 17:00:00
Medium: ntp
2018-05-10 17:11:00
Important: ntp
2016-02-09 13:30:00
redhat
redhat
(RHSA-2017:0252) Moderate: ntp security update
2017-02-06 03:59:03
(RHSA-2016:0063) Important: ntp security update
2016-01-25 00:00:00
f5
f5
K71245322 : NTP vulnerability CVE-2015-8138
2016-02-22 00:00:00
SOL71245322 - NTP vulnerability CVE-2015-8138
2016-02-22 00:00:00
ics
ics
Siemens SIMATIC NET CP 443-1 OPC UA
2021-06-08 12:00:00
mageia
mageia
Updated ntp packages fix security vulnerabilities
2016-12-08 10:33:24

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.705 High

EPSS

Percentile

97.8%

JSON
Related for F5:K80996302
ibm29cisco1nessus54slackware1cert1symantec1freebsd2openvas34archlinux1huawei1redhatcve6cve7prion7ubuntucve8debiancve7freebsd_advisory1talos6seebug4aix1checkpoint_advisories1ubuntu2cloudfoundry1fedora4oraclelinux6centos2veracode2amazon3redhat2f52ics1mageia1