CVE-2016-1549

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Un par malicioso autenticado puede crear arbitrariamente muchas asociaciones efímeras para ganar el algoritmo de selección de reloj en ntpd en NTP 4.2.8p4 y versiones anteriores y NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 y a5fb34b9cc89b92a8fef2f459004865c93bb7f92 y modificar un reloj de una víctima.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-01-07 CVE Reserved
2016-05-02 CVE Published
2024-06-18 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-19: Data Processing Errors

CAPEC

References (9)

URL	Tag	Source
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	X_refsource_confirm
http://www.securityfocus.com/bid/88200	Vdb Entry
http://www.securitytracker.com/id/1035705	Vdb Entry
http://www.talosintelligence.com/reports/TALOS-2016-0083	Mitigation
https://security.netapp.com/advisory/ntap-20171004-0002	X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us	X_refsource_confirm
https://www.synology.com/support/security/Synology_SA_18_13	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc	2018-03-28
https://security.gentoo.org/glsa/201607-15	2018-03-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ntp Search vendor "Ntp"		Ntp Search vendor "Ntp" for product "Ntp"				4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8"		p4		Affected