CVE-2015-7705

CVSS V2 High 7.5 CVSS V3 Critical 9.8
Description
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Overview
  • CVE ID: CVE-2015-7705
  • Assigner: cve@mitre.org
  • Vulnerability Status: Modified
  • Published Version: 2017-08-07T20:29:00
  • Last Modified Date: 2021-11-17T22:15:44
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* 1 OR 4.2.0 4.2.8
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* 1 OR 4.3.0 4.3.77
cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:* 1 OR
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:* 1 OR
AND
cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:citrix:xenserver:6.2.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:citrix:xenserver:6.5:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 7.5
  • Severity: HIGH
  • Exploitability Score: 10
  • Impact Score: 6.4
CVSS Version 3
  • Version: 3.1
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Availability Impact: HIGH
  • Base Score: 9.8
  • Base Severity: CRITICAL
  • Exploitability Score: 3.9
  • Impact Score: 5.9
References
Reference URL Reference Tags
https://www.kb.cert.org/vuls/id/718152 Third Party Advisory US Government Resource
https://www.cs.bu.edu/~goldbe/NTPattack.html Not Applicable
https://eprint.iacr.org/2015/1020.pdf Technical Description
https://bugzilla.redhat.com/show_bug.cgi?id=1274184 Issue Tracking Third Party Advisory VDB Entry
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit Release Notes Vendor Advisory
http://support.ntp.org/bin/view/Main/NtpBug2901 Vendor Advisory
https://security.gentoo.org/glsa/201607-15 Third Party Advisory VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/77284 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033951 Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20171004-0001/ Third Party Advisory
https://support.citrix.com/article/CTX220112 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 Third Party Advisory US Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
http://www.ubuntu.com/usn/USN-2783-1
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded
https://bto.bluecoat.com/security-advisory/sa103
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
http://www.securityfocus.com/archive/1/536796/100/0/threaded
http://www.securityfocus.com/archive/1/536737/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016
History
Created Old Value New Value Data Type Notes
2022-05-10 06:46:07 Added to TrackCVE
2022-12-02 19:29:04 2017-08-07T20:29Z 2017-08-07T20:29:00 CVE Published Date updated
2022-12-02 19:29:04 2021-11-17T22:15:44 CVE Modified Date updated
2022-12-02 19:29:04 Modified Vulnerability Status updated