CVE-2014-125036

EPSS 0.03%
Published 02.01.2023 19:15:10
Last modified 21.11.2024 02:03:39
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Ansible-ntp Project ≫ Ansible-ntp Version < 2014-10-08

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	2.6	1.2	1.4	CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.4	2.5	2.9	AV:A/AC:H/Au:S/C:N/I:N/A:P

CWE-406 Insufficient Control of Network Message Volume (Network Amplification)

The product does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the product to transmit more traffic than should be allowed for that actor.

https://github.com/drybjed/ansible-ntp/commit/ed4ca2cf012677973c220cdba36b5c60bfa0260b

Patch

Third Party Advisory

https://vuldb.com/?ctiid.217190

Third Party Advisory

Permissions Required

https://vuldb.com/?id.217190

Third Party Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2014-125036

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-125036

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-125036

EUVD