CVE-2015-1798

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.

Risk Information

Base Score: 5.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.83

Associated Vulnerability

Vulnerability | OS Platform
SUSE-SU-2016:2094-1 (SUSE Linux Enterprise Desktop 12-SP1) ctags-5.8-7.1.x86_64.rpm | Linux
SUSE-SU-2016:2094-1 (SUSE Linux Enterprise Desktop 12-SP1) ctags-debuginfo-5.8-7.1.x86_64.rpm | Linux
SUSE-SU-2016:2094-1 (SUSE Linux Enterprise Desktop 12-SP1) ctags-debugsource-5.8-7.1.x86_64.rpm | Linux
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products For Cisco IOS XE Software | NCM
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products For Cisco IOS | NCM
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products For Cisco NX-OS Software | NCM
Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability For Cisco UCS Central Software | NCM
Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability For Cisco Network Convergence System 6000 Series Routers | NCM
CVE-2015-1798 | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706090 | Security Update for Cisco IOS Amsterdam-17.2.1r
PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM
PATCH-1705950 | Security Update for Cisco UCS Central Software 2.0(1a)
PATCH-1705630 | Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4
