6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.009 Low
EPSS
Percentile
82.1%
CVE-2015-7850
An exploitable denial of service vulnerability exists in the remote configuration functionality of the Network Time Protocol. A specially crafted configuration file could cause an endless loop resulting in a denial of service. An attacker could provide a the malicious configuration file to trigger this vulnerability.
ntp 4.2.8p2
When sending a remote configuration file, an attacker can enable extended logging via the logconfig=allall setting. An attacker can also set the keys file when specifying this remote configuration. If the attacker sets the keys file to be the log file, the key parsing will go into an endless loop. NTP will log an invalid key in parsing, and will then subsequently parse that line as a key and again log the error, continuing in an infinite loop.
Yves Younan of Cisco Talos
Vulnerability Reports Next Report
TALOS-2015-0062
Previous Report
TALOS-2015-0054
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.009 Low
EPSS
Percentile
82.1%