9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.779 High
EPSS
Percentile
98.2%
Network Time Foundation reports:
The NTP Project at Network Time Foundation is releasing ntp-4.2.8p11.
This release addresses five security issues in ntpd:
LOW/MEDIUM: Sec 3012 / CVE-2016-1549 / VU#961909: Sybil
vulnerability: ephemeral association attack
INFO/MEDIUM: Sec 3412 / CVE-2018-7182 / VU#961909:
ctl_getitem(): buffer read overrun leads to undefined
behavior and information leak
LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple
authenticated ephemeral associations
LOW: Sec 3453 / CVE-2018-7184 / VU#961909: Interleaved
symmetric mode cannot recover from bad state
LOW/MEDIUM: Sec 3454 / CVE-2018-7185 / VU#961909:
Unauthenticated packet can reset authenticated interleaved
association
one security issue in ntpq:
MEDIUM: Sec 3414 / CVE-2018-7183 / VU#961909:
ntpq:decodearr() can write beyond its buffer limit
and provides over 33 bugfixes and 32 other improvements.
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.779 High
EPSS
Percentile
98.2%