5.3
CVE-2016-1547
- EPSS 5.11%
- Veröffentlicht 06.01.2017 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.11% | 0.913 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.debian.org/security/2016/dsa-3629
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://security.gentoo.org/glsa/201607-15
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
http://rhn.redhat.com/errata/RHSA-2016-1552.html
http://www.securityfocus.com/bid/88276
http://www.securitytracker.com/id/1035705
http://www.talosintelligence.com/reports/TALOS-2016-0081/
https://access.redhat.com/errata/RHSA-2016:1141
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc
https://security.netapp.com/advisory/ntap-20171004-0002/
https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19