Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-7851
HistoryJan 28, 2020 - 5:15 p.m.

CVE-2015-7851

2020-01-2817:15:12
CWE-22
[email protected]
web.nvd.nist.gov

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

JSON

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '' or ‘/’ characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.

Affected configurations

NVD
Node
ntpntpRange4.2.04.2.8
OR
ntpntpRange4.3.04.3.77
OR
ntpntpMatch4.2.8p1
OR
ntpntpMatch4.2.8p1-beta1
OR
ntpntpMatch4.2.8p1-beta2
OR
ntpntpMatch4.2.8p1-beta3
OR
ntpntpMatch4.2.8p1-beta4
OR
ntpntpMatch4.2.8p1-beta5
OR
ntpntpMatch4.2.8p1-rc1
OR
ntpntpMatch4.2.8p1-rc2
OR
ntpntpMatch4.2.8p2
OR
ntpntpMatch4.2.8p2-rc1
OR
ntpntpMatch4.2.8p2-rc2
OR
ntpntpMatch4.2.8p2-rc3
OR
ntpntpMatch4.2.8p3
OR
ntpntpMatch4.2.8p3-rc1
OR
ntpntpMatch4.2.8p3-rc2
OR
ntpntpMatch4.2.8p3-rc3

Related

talos 1
cvelist 1
ubuntucve 1
f5 2
debiancve 1
prion 1
cve 1
nessus 13
ibm 4
freebsd_advisory 1
openvas 11
cisco 1
osv 1
debian 1
archlinux 1
freebsd 1
arista 1
slackware 1
symantec 1
suse 4
gentoo 1
ics 1
talos
talos
Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
2015-10-21 00:00:00
cvelist
cvelist
CVE-2015-7851
2020-01-28 16:35:21
ubuntucve
ubuntucve
CVE-2015-7851
2020-01-28 00:00:00
f5
f5
K17522 : NTP vulnerability CVE-2015-7851
2015-11-10 00:00:00
SOL17522 - NTP vulnerability CVE-2015-7851
2015-11-02 00:00:00
debiancve
debiancve
CVE-2015-7851
2020-01-28 17:15:12
prion
prion
Directory traversal
2020-01-28 17:15:00
cve
cve
CVE-2015-7851
2020-01-28 17:15:12
nessus
nessus
Rockwell Automation Stratix Network Time Protocol ntpd saveconfig Directory Traversal (CVE-2015-7851)
2023-11-15 00:00:00
FreeBSD : ntp -- 13 low- and medium-severity vulnerabilities (c4a18a12-77fc-11e5-a687-206a8a720317)
2015-10-22 00:00:00
SUSE SLED11 / SLES11 Security Update : ntp (SUSE-SU-2015:2058-1)
2015-11-23 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities impact System Storage DS8000 Hardware Management Console (HMC)
2022-05-24 17:06:20
Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module
2019-01-31 02:25:02
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple vulnerabilities in ntp
2018-06-18 01:30:29
freebsd_advisory
freebsd_advisory
FreeBSD-SA-15:25.ntp
2015-10-26 00:00:00
openvas
openvas
Multiple Vulnerabilities in ntpd Affecting Cisco Products (Oct 2015)
2016-05-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:2058-1)
2021-06-09 00:00:00
Slackware: Security Advisory (SSA:2015-302-03)
2022-04-21 00:00:00
cisco
cisco
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
2015-10-21 23:00:00
osv
osv
ntp - security update
2015-10-28 00:00:00
debian
debian
[SECURITY] [DLA 335-1] ntp security update
2015-10-28 20:45:05
archlinux
archlinux
ntp: multiple issues
2015-10-22 00:00:00
freebsd
freebsd
ntp -- 13 low- and medium-severity vulnerabilities
2015-10-21 00:00:00
arista
arista
Security Advisory 0016
2015-11-04 00:00:00
slackware
slackware
[slackware-security] ntp
2015-10-29 22:49:05
symantec
symantec
SA103 : October 2015 NTP Security Vulnerabilities
2015-11-24 08:00:00
suse
suse
Security update for ntp (important)
2016-05-06 13:07:50
Security update for ntp (important)
2016-05-17 15:09:17
Security update for ntp (important)
2016-07-29 19:08:48
gentoo
gentoo
NTP: Multiple vulnerabilities
2016-07-20 00:00:00
ics
ics
Rockwell Automation Stratix 5900
2017-05-10 12:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

JSON
Related for NVD:CVE-2015-7851
talos1cvelist1ubuntucve1f52debiancve1prion1cve1nessus13ibm4freebsd_advisory1openvas11cisco1osv1debian1archlinux1freebsd1arista1slackware1symantec1suse4gentoo1ics1