CVE-2015-7854

high-risk
Published 2017-08-07

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

Do I need to act?

~
3.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp
Ntp

Affected Vendors

Netapp Ntp

References (12)

Patch http://support.ntp.org/bin/view/Main/NtpBug2921
Third Party Advisory http://www.securityfocus.com/bid/77277
Third Party Advisory http://www.securitytracker.com/id/1033951
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1274263
Third Party Advisory https://security.gentoo.org/glsa/201607-15
Third Party Advisory https://security.netapp.com/advisory/ntap-20171004-0001/
Patch http://support.ntp.org/bin/view/Main/NtpBug2921
Third Party Advisory http://www.securityfocus.com/bid/77277
Third Party Advisory http://www.securitytracker.com/id/1033951
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1274263
Third Party Advisory https://security.gentoo.org/glsa/201607-15
Third Party Advisory https://security.netapp.com/advisory/ntap-20171004-0001/
58
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 7/34 · Low
Exposure 21/34 · High