Home

CVE-2015-1799

Description

The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.638

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2016:2094-1(SUSE Linux Enterprise Desktop 12-SP1 ) ctags-5.8-7.1.x86_64.rpmLinux
SUSE-SU-2016:2094-1(SUSE Linux Enterprise Desktop 12-SP1 ) ctags-debuginfo-5.8-7.1.x86_64.rpmLinux
SUSE-SU-2016:2094-1(SUSE Linux Enterprise Desktop 12-SP1 ) ctags-debugsource-5.8-7.1.x86_64.rpmLinux
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products For Cisco IOS XE SoftwareNCM
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products For Cisco IOSNCM
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products For Cisco NX-OS SoftwareNCM
Network Time Protocol Daemon Symmetric Mode Packet Processing Denial of Service Vulnerability For Cisco Network Convergence System 6000 Series RoutersNCM
CVE-2015-1799NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706090Security Update for Cisco IOS Amsterdam-17.2.1r
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM
PATCH-1705630Security Update for Cisco Network Convergence System 6000 Series Routers 6.1.4

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234