CVE-2018-7185
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
El motor de protocolo en ntp, en versiones 4.2.6 anteriores a la 4.2.8p11, permite que atacantes remotos provoquen una denegación de servicio (interrupción) mediante el envío continuado de un paquete con una marca de tiempo zero-origin y la dirección IP de origen "del otro lado" de una asociación intercalada que provoca que el ntpd de la víctima restablezca su asociación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-02-16 CVE Reserved
- 2018-03-01 CVE Published
- 2024-06-09 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/541824/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/103339 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20180626-0001 | Third Party Advisory |
|
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us | Third Party Advisory | |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | Third Party Advisory |
|
| https://www.synology.com/support/security/Synology_SA_18_13 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://support.ntp.org/bin/view/Main/NtpBug3454 | 2020-08-24 | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc | 2020-08-24 | |
| https://security.gentoo.org/glsa/201805-12 | 2020-08-24 | |
| https://usn.ubuntu.com/3707-1 | 2020-08-24 | |
| https://usn.ubuntu.com/3707-2 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Synology Search vendor "Synology" | Vs960hd Firmware Search vendor "Synology" for product "Vs960hd Firmware" | < 2.2.3-1505 Search vendor "Synology" for product "Vs960hd Firmware" and version " < 2.2.3-1505" | - |
Affected
| in | Synology Search vendor "Synology" | Vs960hd Search vendor "Synology" for product "Vs960hd" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M10-1 Firmware Search vendor "Oracle" for product "Fujitsu M10-1 Firmware" | < xcp2361 Search vendor "Oracle" for product "Fujitsu M10-1 Firmware" and version " < xcp2361" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M10-1 Search vendor "Oracle" for product "Fujitsu M10-1" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M10-4 Firmware Search vendor "Oracle" for product "Fujitsu M10-4 Firmware" | < xcp2361 Search vendor "Oracle" for product "Fujitsu M10-4 Firmware" and version " < xcp2361" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M10-4 Search vendor "Oracle" for product "Fujitsu M10-4" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M10-4s Firmware Search vendor "Oracle" for product "Fujitsu M10-4s Firmware" | < xcp2361 Search vendor "Oracle" for product "Fujitsu M10-4s Firmware" and version " < xcp2361" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M10-4s Search vendor "Oracle" for product "Fujitsu M10-4s" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M12-1 Firmware Search vendor "Oracle" for product "Fujitsu M12-1 Firmware" | < xcp2361 Search vendor "Oracle" for product "Fujitsu M12-1 Firmware" and version " < xcp2361" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M12-1 Search vendor "Oracle" for product "Fujitsu M12-1" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M12-2 Firmware Search vendor "Oracle" for product "Fujitsu M12-2 Firmware" | < xcp2361 Search vendor "Oracle" for product "Fujitsu M12-2 Firmware" and version " < xcp2361" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M12-2 Search vendor "Oracle" for product "Fujitsu M12-2" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M12-2s Firmware Search vendor "Oracle" for product "Fujitsu M12-2s Firmware" | < xcp2361 Search vendor "Oracle" for product "Fujitsu M12-2s Firmware" and version " < xcp2361" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M12-2s Search vendor "Oracle" for product "Fujitsu M12-2s" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M10-1 Firmware Search vendor "Oracle" for product "Fujitsu M10-1 Firmware" | < xcp3070 Search vendor "Oracle" for product "Fujitsu M10-1 Firmware" and version " < xcp3070" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M10-1 Search vendor "Oracle" for product "Fujitsu M10-1" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M10-4 Firmware Search vendor "Oracle" for product "Fujitsu M10-4 Firmware" | < xcp3070 Search vendor "Oracle" for product "Fujitsu M10-4 Firmware" and version " < xcp3070" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M10-4 Search vendor "Oracle" for product "Fujitsu M10-4" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M10-4s Firmware Search vendor "Oracle" for product "Fujitsu M10-4s Firmware" | < xcp3070 Search vendor "Oracle" for product "Fujitsu M10-4s Firmware" and version " < xcp3070" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M10-4s Search vendor "Oracle" for product "Fujitsu M10-4s" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M12-1 Firmware Search vendor "Oracle" for product "Fujitsu M12-1 Firmware" | < xcp3070 Search vendor "Oracle" for product "Fujitsu M12-1 Firmware" and version " < xcp3070" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M12-1 Search vendor "Oracle" for product "Fujitsu M12-1" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M12-2 Firmware Search vendor "Oracle" for product "Fujitsu M12-2 Firmware" | < xcp3070 Search vendor "Oracle" for product "Fujitsu M12-2 Firmware" and version " < xcp3070" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M12-2 Search vendor "Oracle" for product "Fujitsu M12-2" | - | - |
Safe
|
| Oracle Search vendor "Oracle" | Fujitsu M12-2s Firmware Search vendor "Oracle" for product "Fujitsu M12-2s Firmware" | < xcp3070 Search vendor "Oracle" for product "Fujitsu M12-2s Firmware" and version " < xcp3070" | - |
Affected
| in | Oracle Search vendor "Oracle" | Fujitsu M12-2s Search vendor "Oracle" for product "Fujitsu M12-2s" | - | - |
Safe
|
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | >= 4.2.6 < 4.2.8 Search vendor "Ntp" for product "Ntp" and version " >= 4.2.6 < 4.2.8" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | - |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta4 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-beta5 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-rc1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p1-rc2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p10 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2-rc1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2-rc2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p2-rc3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3-rc1 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3-rc2 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p3-rc3 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p4 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p5 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p6 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p7 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p8 |
Affected
| ||||||
| Ntp Search vendor "Ntp" | Ntp Search vendor "Ntp" for product "Ntp" | 4.2.8 Search vendor "Ntp" for product "Ntp" and version "4.2.8" | p9 |
Affected
| ||||||
| Synology Search vendor "Synology" | Diskstation Manager Search vendor "Synology" for product "Diskstation Manager" | >= 5.2 < 6.1.6-15266 Search vendor "Synology" for product "Diskstation Manager" and version " >= 5.2 < 6.1.6-15266" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Router Manager Search vendor "Synology" for product "Router Manager" | >= 1.1 < 1.1.6-6931-3 Search vendor "Synology" for product "Router Manager" and version " >= 1.1 < 1.1.6-6931-3" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Skynas Search vendor "Synology" for product "Skynas" | < 6.1.5-15254 Search vendor "Synology" for product "Skynas" and version " < 6.1.5-15254" | - |
Affected
| ||||||
| Synology Search vendor "Synology" | Virtual Diskstation Manager Search vendor "Synology" for product "Virtual Diskstation Manager" | < 6.1.6-15266 Search vendor "Synology" for product "Virtual Diskstation Manager" and version " < 6.1.6-15266" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Search vendor "Netapp" for product "Hci" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire Search vendor "Netapp" for product "Solidfire" | - | - |
Affected
| ||||||
| Hpe Search vendor "Hpe" | Hpux-ntp Search vendor "Hpe" for product "Hpux-ntp" | < c.4.2.8.4.0 Search vendor "Hpe" for product "Hpux-ntp" and version " < c.4.2.8.4.0" | - |
Affected
| ||||||