7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.082 Low
EPSS
Percentile
94.3%
Network Time Foundation reports:
NTF’s NTP Project has been notified of the following low-
and medium-severity vulnerabilities that are fixed in
ntp-4.2.8p6, released on Tuesday, 19 January 2016:
Bug 2948 / CVE-2015-8158: Potential Infinite Loop
in ntpq. Reported by Cisco ASIG.
Bug 2945 / CVE-2015-8138: origin: Zero Origin
Timestamp Bypass. Reported by Cisco ASIG.
Bug 2942 / CVE-2015-7979: Off-path Denial of
Service (DoS) attack on authenticated broadcast
mode. Reported by Cisco ASIG.
Bug 2940 / CVE-2015-7978: Stack exhaustion in
recursive traversal of restriction list.
Reported by Cisco ASIG.
Bug 2939 / CVE-2015-7977: reslist NULL pointer
dereference. Reported by Cisco ASIG.
Bug 2938 / CVE-2015-7976: ntpq saveconfig command
allows dangerous characters in filenames.
Reported by Cisco ASIG.
Bug 2937 / CVE-2015-7975: nextvar() missing length
check. Reported by Cisco ASIG.
Bug 2936 / CVE-2015-7974: Skeleton Key: Missing
key check allows impersonation between authenticated
peers. Reported by Cisco ASIG.
Bug 2935 / CVE-2015-7973: Deja Vu: Replay attack on
authenticated broadcast mode. Reported by Cisco ASIG.
Additionally, mitigations are published for the following
two issues:
Bug 2947 / CVE-2015-8140: ntpq vulnerable to replay
attacks. Reported by Cisco ASIG.
Bug 2946 / CVE-2015-8139: Origin Leak: ntpq and ntpdc,
disclose origin. Reported by Cisco ASIG.
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
0.082 Low
EPSS
Percentile
94.3%