CVE-2016-3989

high-risk

Published 2016-07-03

The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.

Do I need to act?

9.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40120

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (12)

Ims-Lantime M3000

Ims-Lantime M500

Lantime M600

Lantime M900

Lces

Ntp Server Firmware

Ims-Lantime M1000

Lantime M100

Lantime M200

Lantime M300

Lantime M400

Syncfire 1100

Affected Vendors

Meinberg

References (4)

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03

https://www.exploit-db.com/exploits/40120/

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03

https://www.exploit-db.com/exploits/40120/

/ 100

high-risk

Severity 28/34 · Critical

Exploitability 11/34 · Low

Exposure 17/34 · Moderate