NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
26 Apr 2021, 17:42
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 - Third Party Advisory, US Government Resource | |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf - Third Party Advisory | |
CPE | cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:* |
15 Apr 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2016-01-26 19:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-7974
Mitre link : CVE-2015-7974
CVE.ORG link : CVE-2015-7974
JSON object : View
Products Affected
ntp
- ntp
siemens
- tim_4r-ie_dnp3
- tim_4r-ie_firmware
- tim_4r-ie
- tim_4r-ie_dnp3_firmware
netapp
- oncommand_balance
- clustered_data_ontap
debian
- debian_linux
CWE
CWE-287
Improper Authentication