CVE-2018-7184

high-risk

Published 2018-03-06

ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.

Do I need to act?

13.1% chance of exploitation in next 30 days

EPSS score — higher than 87% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Ntp

Router Manager

Skynas

Virtual Diskstation Manager

Diskstation Manager

Vs960Hd Firmware

Slackware Linux

Ubuntu Linux

Affected Vendors

Slackware Ntp Canonical Netapp Synology

References (20)

Third Party Advisory http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Upda...

Third Party Advisory http://support.ntp.org/bin/view/Main/NtpBug3453

Third Party Advisory http://www.securityfocus.com/archive/1/541824/100/0/threaded

Third Party Advisory http://www.securityfocus.com/bid/103192

Third Party Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc

Third Party Advisory https://security.gentoo.org/glsa/201805-12

Third Party Advisory https://security.netapp.com/advisory/ntap-20180626-0001/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpe...

Third Party Advisory https://usn.ubuntu.com/3707-1/

Third Party Advisory https://www.synology.com/support/security/Synology_SA_18_13