CVE-2015-7974

Exploit

EPSS 3.67%
Veröffentlicht 26.01.2016 19:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ntp ≫ Ntp Version >= 4.2.0 < 4.2.8

Ntp ≫ Ntp Version >= 4.3.0 < 4.3.90

Ntp ≫ Ntp Version4.2.8 Update-

Ntp ≫ Ntp Version4.2.8 Updatep1

Ntp ≫ Ntp Version4.2.8 Updatep1-beta1

Ntp ≫ Ntp Version4.2.8 Updatep1-beta2

Ntp ≫ Ntp Version4.2.8 Updatep1-beta3

Ntp ≫ Ntp Version4.2.8 Updatep1-beta4

Ntp ≫ Ntp Version4.2.8 Updatep1-beta5

Ntp ≫ Ntp Version4.2.8 Updatep1-rc1

Ntp ≫ Ntp Version4.2.8 Updatep1-rc2

Ntp ≫ Ntp Version4.2.8 Updatep2

Ntp ≫ Ntp Version4.2.8 Updatep2-rc1

Ntp ≫ Ntp Version4.2.8 Updatep2-rc2

Ntp ≫ Ntp Version4.2.8 Updatep2-rc3

Ntp ≫ Ntp Version4.2.8 Updatep3

Ntp ≫ Ntp Version4.2.8 Updatep3-rc1

Ntp ≫ Ntp Version4.2.8 Updatep3-rc2

Ntp ≫ Ntp Version4.2.8 Updatep3-rc3

Ntp ≫ Ntp Version4.2.8 Updatep4

Ntp ≫ Ntp Version4.2.8 Updatep5

Siemens ≫ Tim 4r-ie Firmware

Siemens ≫ Tim 4r-ie Version-

Siemens ≫ Tim 4r-ie Dnp3 Firmware

Siemens ≫ Tim 4r-ie Dnp3 Version-

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Oncommand Balance Version-

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.67%	0.874

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.7	3.1	4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://bugs.ntp.org/show_bug.cgi?id=2936

Vendor Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2016-2583.html

Third Party Advisory

http://support.ntp.org/bin/view/Main/NtpBug2936

Vendor Advisory

http://www.debian.org/security/2016/dsa-3629

Third Party Advisory

http://www.securityfocus.com/bid/81960

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034782

Third Party Advisory

VDB Entry

http://www.talosintel.com/reports/TALOS-2016-0071/

Third Party Advisory

Exploit

https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us

Third Party Advisory

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us

Third Party Advisory

https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc

Third Party Advisory

https://security.gentoo.org/glsa/201607-15

Third Party Advisory

https://security.netapp.com/advisory/ntap-20171031-0001/

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2015-7974

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7974

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7974

EUVD