Vulnerability Details : CVE-2016-1547
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2016-1547
Probability of exploitation activity in the next 30 days: 0.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-1547
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
|
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2016-1547
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1547
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
-
https://security.netapp.com/advisory/ntap-20171004-0002/
April 2016 Network Time Protocol Daemon (ntpd) Vulnerabilities in Multiple NetApp Products | NetApp Product Security
-
http://rhn.redhat.com/errata/RHSA-2016-1552.html
RHSA-2016:1552 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201607-15
NTP: Multiple vulnerabilities (GLSA 201607-15) — Gentoo security
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Siemens TIM 4R-IE Devices | CISA
-
https://access.redhat.com/errata/RHSA-2016:1141
RHSA-2016:1141 - Security Advisory - Red Hat Customer Portal
-
http://www.talosintelligence.com/reports/TALOS-2016-0081/
TALOS-2016-0081 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceMitigation;Technical Description;Third Party Advisory
-
http://www.securityfocus.com/bid/88276
NTP CVE-2016-1547 Denial of Service Vulnerability
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Oracle Linux Bulletin - April 2016
- https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
-
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19
Security Advisory 0019 - Arista
-
http://www.securitytracker.com/id/1035705
ntp Multiple Bugs Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, Modify Time, and Deny Service - SecurityTracker
-
http://www.debian.org/security/2016/dsa-3629
Debian -- Security Information -- DSA-3629-1 ntp
Products affected by CVE-2016-1547
- cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*