CVE-2015-7979

high-risk

Published 2017-01-30

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

Do I need to act?

4.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Ntp

Affected Vendors

Ntp

References (58)

Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.h...

Third Party Advisory http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.ht...

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html

Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html

Third Party Advisory http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-1552.html

http://rhn.redhat.com/errata/RHSA-2016-2583.html

Vendor Advisory http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Secur...

Third Party Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

Third Party Advisory http://www.debian.org/security/2016/dsa-3629

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h...

Third Party Advisory http://www.securityfocus.com/bid/81816

Third Party Advisory http://www.securitytracker.com/id/1034782

Third Party Advisory http://www.ubuntu.com/usn/USN-3096-1

Third Party Advisory https://access.redhat.com/errata/RHSA-2016:1141

and 38 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 29/34 · Critical