SOL17114 - NTP vulnerability CVE-2015-5146

2015-08-1200:00:00

support.f5.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

82.1%

JSON

A flaw was found in the way ntpdprocessed certain remote configuration packets. (CVE-2015-5146 - pending)

An attacker could use a specially crafted package to cause ntpdto become unresponsive when all of the following conditions are met:

The ntpdconfiguration has enabled remote configuration.
The attacker has knowledge of the configuration password.
The attacker has access to a computer entrusted to perform remote configurations.

CPENameOperatorVersion
big-ip afmle11.6.0 HF4 and later 11.6.0 hotfixes
big-ip pemle11.6.0 HF4 and later 11.6.0 hotfixes
big-iq securityle4.5.0
big-ip ltmle11.6.0 HF4 and later 11.6.0 hotfixes
big-ip aamle11.6.0 HF4 and later 11.6.0 hotfixes
big-ip apmle11.6.0 HF4 and later 11.6.0 hotfixes
big-ip analyticsle11.6.0 HF4 and later 11.6.0 hotfixes
arxle6.4.0
big-ip asmle11.6.0 HF4 and later 11.6.0 hotfixes
big-ip gtmle11.6.0 HF4 and later 11.6.0 hotfixes

Name	Operator	Version
big-ip afm	le	11.6.0 HF4 and later 11.6.0 hotfixes
big-ip pem	le	11.6.0 HF4 and later 11.6.0 hotfixes
big-iq security	le	4.5.0
big-ip ltm	le	11.6.0 HF4 and later 11.6.0 hotfixes
big-ip aam	le	11.6.0 HF4 and later 11.6.0 hotfixes
big-ip apm	le	11.6.0 HF4 and later 11.6.0 hotfixes
big-ip analytics	le	11.6.0 HF4 and later 11.6.0 hotfixes
arx	le	6.4.0
big-ip asm	le	11.6.0 HF4 and later 11.6.0 hotfixes
big-ip gtm	le	11.6.0 HF4 and later 11.6.0 hotfixes