CVE-2015-7705

critical-risk
Published 2017-08-07

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Do I need to act?

!
31.0% chance of exploitation in next 30 days
EPSS score — higher than 69% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp

Affected Vendors

Ntp Citrix Siemens Netapp

References (72)

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Upda...
Vendor Advisory http://support.ntp.org/bin/view/Main/NtpBug2901
Release Notes http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Sec...
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securityfocus.com/archive/1/536737/100/0/threaded
http://www.securityfocus.com/archive/1/536796/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded
Third Party Advisory http://www.securityfocus.com/bid/77284
and 52 more references
70
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 16/34 · Moderate
Exposure 22/34 · High