Home

CVE-2015-7851

Description

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use or / characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.532

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 For Cisco IOS XE SoftwareNCM
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 For Cisco IOSNCM
Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015 For Cisco NX-OS SoftwareNCM
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2015-7851)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706107Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706090Security Update for Cisco IOS Amsterdam-17.2.1r
PATCH-1706149Security Update for Cisco NX-OS Software 4.1(3a)UCSM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234