CVE-2018-7184
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a denial of service (disruption) by sending a packet with a zero-origin timestamp causing the association to reset and setting the contents of the packet as the most recent timestamp. This issue is a result of an incomplete fix for CVE-2015-7704.
ntpd en ntp, en versiones 4.2.8p4 anteriores a la 4.2.8p11, envía paquetes malos antes de actualizar la marca de tiempo "received". Esto permite que atacantes remotos provoquen una denegación de servicio (interrupción) mediante el envío de un paquete con una marca de tiempo zero-origin que provoca que la asociación se restablezca y establezca el contenido del paquete como la marca de tiempo más reciente. Este problema es el resultado de una solución incompleta para CVE-2015-7704.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-16 CVE Reserved
- 2018-03-01 CVE Published
- 2024-06-09 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html | Third Party Advisory |
|
| http://support.ntp.org/bin/view/Main/NtpBug3453 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/541824/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/103192 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20180626-0001 | Third Party Advisory |
|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | X_refsource_confirm | |
| https://www.synology.com/support/security/Synology_SA_18_13 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc | 2020-08-24 | |
| https://security.gentoo.org/glsa/201805-12 | 2020-08-24 | |
| https://usn.ubuntu.com/3707-1 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p10 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p4 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p5 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p6 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p7 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p8 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p9 |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | 5.2 Search vendor "Synology" for product "Diskstation Manager" and version "5.2" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | 6.0 Search vendor "Synology" for product "Diskstation Manager" and version "6.0" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | 6.1 Search vendor "Synology" for product "Diskstation Manager" and version "6.1" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Router Manager Search vendor "Synology" for product "Router Manager" | 1.1 Search vendor "Synology" for product "Router Manager" and version "1.1" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Skynas Search vendor "Synology" for product "Skynas" | - | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Virtual Diskstation Manager Search vendor "Synology" for product "Virtual Diskstation Manager" | - | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Vs960hd Firmware Search vendor "Synology" for product "Vs960hd Firmware" | - | - |
Affected
| ||||||
| Slackware Search vendor "Slackware" | Slackware Linux Search vendor "Slackware" for product "Slackware Linux" | 14.0 Search vendor "Slackware" for product "Slackware Linux" and version "14.0" | - |
Affected
| ||||||
| Slackware Search vendor "Slackware" | Slackware Linux Search vendor "Slackware" for product "Slackware Linux" | 14.1 Search vendor "Slackware" for product "Slackware Linux" and version "14.1" | - |
Affected
| ||||||
| Slackware Search vendor "Slackware" | Slackware Linux Search vendor "Slackware" for product "Slackware Linux" | 14.2 Search vendor "Slackware" for product "Slackware Linux" and version "14.2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||