// For flags

CVE-2016-7431

 

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression.

NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos eludir el mecanismo de protección de la marca de tiempo de origen a través de una marca de tiempo de origen de cero. NOTA: esta vulnerabilidad existe debido a una regresión de CVE-2015-8138.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-09-09 CVE Reserved
  • 2016-12-21 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (25)
URL Tag Source
http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html X_refsource_misc
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html X_refsource_confirm
http://www.securityfocus.com/archive/1/539955/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/540254/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded Mailing List
http://www.securityfocus.com/bid/94454 Vdb Entry
http://www.securitytracker.com/id/1037354 Vdb Entry
https://bto.bluecoat.com/security-advisory/sa139 X_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf X_refsource_confirm
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03883en_us X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03899en_us X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us X_refsource_confirm
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us X_refsource_confirm
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11 X_refsource_misc
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223 X_refsource_confirm
https://www.kb.cert.org/vuls/id/633847 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html 2021-07-12
http://nwtime.org/ntp428p9_release 2021-07-12
http://support.ntp.org/bin/view/Main/NtpBug3102 2021-07-12
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities 2021-07-12
http://www.ubuntu.com/usn/USN-3349-1 2021-07-12
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc 2021-07-12
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ntp
Search vendor "Ntp"
 Ntp
Search vendor "Ntp" for product "Ntp"
 4.2.8
Search vendor "Ntp" for product "Ntp" and version "4.2.8"
p8
Affected