CVE-2016-1567

{"id": "CVE-2016-1567", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2016-01-26T19:59:08.577", "references": [{"url": "http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176559.html", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175969.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.talosintel.com/reports/TALOS-2016-0071/", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-254"}]}], "descriptions": [{"lang": "en", "value": "chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\""}, {"lang": "es", "value": "chrony en versiones anteriores a 1.31.2 y 2.x en versiones anteriores a 2.2.1 no verifica las asociaciones del par de las claves sim\u00e9tricas cuando autentica paquetes, lo que podr\u00eda permitir a atacantes remotos llevar a cabo ataques de suplantaci\u00f3n de identidad a trav\u00e9s de una clave de confianza arbitraria, tambi\u00e9n conocida como \"skeleton key\"."}], "lastModified": "2016-12-06T03:07:03.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E8A8582-01A0-4CED-B30D-3319B5174F26", "versionEndIncluding": "1.31.1"}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CCFD400-0554-4328-8050-E99B22CD22B3"}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B7204DA-395F-427C-9980-7649CB636A97"}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9CF3097-1FD9-47F0-B34B-210E35ECB5DD"}, {"criteria": "cpe:2.3:a:tuxfamily:chrony:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1A61900-971A-4A21-9BF0-C32696A9E1DD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}