Network Time Protocol Ephemeral Association Time Spoofing Vulnerability

🗓️ 26 Apr 2016 00:00:00Reported by Talos IntelligenceType

talos🔗 www.talosintelligence.com👁 35 Views

ntpd vulnerable to Sybil attacks, allows malicious associations to modify victim's clock. Requires trusted keys for association creation. Ephemeral broadcast and manycast associations also vulnerable. All ntpd instances using 'trustedkey' directive are vulnerable

Reporter	Title	Published	Views	Family All 115
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple ntp vulnerabilities	18 Jun 201801:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect IBM Flex System Chassis Management Module	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in NTP affect AIX	14 Aug 201821:30	–	ibm
FreeBSD	ntp -- multiple vulnerabilities	27 Feb 201800:00	–	freebsd
FreeBSD	ntp -- multiple vulnerabilities	26 Apr 201600:00	–	freebsd
Tenable Nessus	Amazon Linux 2 : ntp (ALAS-2018-1009)	11 May 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ntp (ALAS-2018-1009)	11 May 201800:00	–	nessus
Tenable Nessus	Amazon Linux AMI : ntp (ALAS-2018-1083)	20 Sep 201800:00	–	nessus
Tenable Nessus	Arista Networks EOS Multiple Vulnerabilities (SA0019)	28 Feb 201800:00	–	nessus

26 Apr 2016 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 24

CVSS 36.5

EPSS0.00969