CVE-2015-7703
Description
The pidfile or driftfile directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
8.074
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 For Cisco IOS XE Software | NCM |
| Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 For Cisco IOS | NCM |
| Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 For Cisco NX-OS Software | NCM |
| Improper Input Validation Vulnerability (CVE-2015-7703) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a) |
| PATCH-1706090 | Security Update for Cisco IOS Amsterdam-17.2.1r |
| PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234