CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.ntp.org/bin/view/Main/NtpBug2941	Vendor Advisory
http://www.debian.org/security/2015/dsa-3388	Third Party Advisory
http://www.securityfocus.com/bid/77287	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033951	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1274265	Issue Tracking Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839	Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201604-03	Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201607-15	Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ntp:ntp::::::::
	cpe:2.3:a:ntp:ntp::::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p186::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p187::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p188::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p189::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p190::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p191::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p192::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p193::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p194::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p195::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p196::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p197::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p198::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p199::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p200::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p201::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p202::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p203::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p204::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p205::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p206::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p207::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p208::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p209::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p210::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p211::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p212::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p213::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p214::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p215::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p216::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p217::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p218::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p219::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p220::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p221::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p222::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p223::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p224::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p225::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p226::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p227::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p228::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p229::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p230::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1::::::
	cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1::::::
cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1::::::
cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1::::::
cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2::::::
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:oncommand_performance_manager:-:::::::*
	cpe:2.3:a:netapp:oncommand_unified_manager:-:::::clustered_data_ontap::
	cpe:2.3:o:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:o:netapp:data_ontap:-:::::7-mode::

History

13 Apr 2021, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf -

Information

Published : 2017-08-07 20:29

Updated : 2023-12-10 12:15

NVD link : CVE-2015-7871

Mitre link : CVE-2015-7871

CVE.ORG link : CVE-2015-7871

JSON object : View

Products Affected

netapp

oncommand_performance_manager
oncommand_unified_manager
oncommand_balance
clustered_data_ontap
data_ontap

ntp

debian

debian_linux

CWE

CWE-287

Improper Authentication

9.8 /10