CVE-2016-9042

Exploit

EPSS 2.53%
Veröffentlicht 04.06.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:00:29
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ntp ≫ Ntp Version4.2.8 Updatep9

Freebsd ≫ Freebsd Version10.0

Freebsd ≫ Freebsd Version11.0

Hpe ≫ Hpux-ntp Version < c.4.2.8.4.0

Siemens ≫ Simatic Net Cp 443-1 Opc Ua Firmware

Siemens ≫ Simatic Net Cp 443-1 Opc Ua Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.53%	0.848

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
talos-cna@cisco.com	3.7	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us

Third Party Advisory

http://www.securitytracker.com/id/1039427

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-3349-1

http://www.securitytracker.com/id/1038123

Third Party Advisory

VDB Entry