CVE-2015-7871

CVSS V2 High 7.5 CVSS V3 Critical 9.8
Description
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Overview
  • CVE ID
  • CVE-2015-7871
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2017-08-07T20:29:00
  • Last Modified Date
  • 2021-04-13T12:15:15
Weakness Enumerations
CWE URL
CWE-287 http://cwe.mitre.org/data/definitions/287.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* 1 OR 4.2.6 4.2.8
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:* 1 OR 4.3.0 4.3.77
cpe:2.3:a:ntp:ntp:4.2.5:p186:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p187:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p188:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p189:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p190:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p191:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p192:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p193:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p194:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p195:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p196:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p197:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p198:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p199:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p200:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p201:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p202:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:* 1 OR
cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:netapp:data_ontap:-:*:*:*:*:7-mode:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1274265 Issue Tracking Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/77287 Third Party Advisory VDB Entry
http://support.ntp.org/bin/view/Main/NtpBug2941 Vendor Advisory
https://security.gentoo.org/glsa/201607-15 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201604-03 Third Party Advisory VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033951 Third Party Advisory VDB Entry
http://www.debian.org/security/2015/dsa-3388 Third Party Advisory
https://security.netapp.com/advisory/ntap-20171004-0001/ Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2015-7871
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871
History
Created Old Value New Value Data Type Notes
2022-05-10 07:16:01 Added to TrackCVE
2022-12-02 19:29:25 2017-08-07T20:29Z 2017-08-07T20:29:00 CVE Published Date updated
2022-12-02 19:29:25 2021-04-13T12:15:15 CVE Modified Date updated
2022-12-02 19:29:25 Modified Vulnerability Status updated