CVE-2015-7850

high-risk
Published 2017-08-07

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.

Do I need to act?

~
4.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (20)

Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp

Affected Vendors

Ntp Debian Netapp

References (14)

Patch http://support.ntp.org/bin/view/Main/NtpBug2917
Third Party Advisory http://www.debian.org/security/2015/dsa-3388
Third Party Advisory http://www.securityfocus.com/bid/77279
Third Party Advisory http://www.securitytracker.com/id/1033951
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1274258
Third Party Advisory https://security.gentoo.org/glsa/201607-15
Third Party Advisory https://security.netapp.com/advisory/ntap-20171004-0001/
Patch http://support.ntp.org/bin/view/Main/NtpBug2917
Third Party Advisory http://www.debian.org/security/2015/dsa-3388
Third Party Advisory http://www.securityfocus.com/bid/77279
Third Party Advisory http://www.securitytracker.com/id/1033951
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1274258
Third Party Advisory https://security.gentoo.org/glsa/201607-15
Third Party Advisory https://security.netapp.com/advisory/ntap-20171004-0001/
53
/ 100
high-risk
Severity 24/34 · High
Exploitability 8/34 · Low
Exposure 21/34 · High