CVE-2015-7974

Description

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a skeleton key.

Risk Information

Base Score: 7.7 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
EPSS Score (Exploitation Probability): 7.826

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Netapp Oncommand Balance 2.3 | Windows
Network Time Protocol daemon and utility programs (USN-3096-1) ntp_4.2.6.p3+dfsg-1ubuntu3.11_i386.deb | Linux
Network Time Protocol daemon and utility programs (USN-3096-1) ntp_4.2.6.p3+dfsg-1ubuntu3.11_amd64.deb | Linux
Network Time Protocol daemon and utility programs (USN-3096-1) ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10_i386.deb | Linux
SUSE-SU-2016:1177-1 (SUSE Linux Enterprise Desktop 12-SP1) yast2-ntp-client-3.1.22-6.2.noarch.rpm | Linux
SUSE-SU-2016:1568-1 (SUSE Linux Enterprise Desktop 12) ntp-4.2.8p8-46.8.1.x86_64.rpm | Linux
SUSE-SU-2016:1568-1 (SUSE Linux Enterprise Desktop 12) ntp-debuginfo-4.2.8p8-46.8.1.x86_64.rpm | Linux
SUSE-SU-2016:1568-1 (SUSE Linux Enterprise Desktop 12) ntp-debugsource-4.2.8p8-46.8.1.x86_64.rpm | Linux
SUSE-SU-2016:1568-1 (SUSE Linux Enterprise Desktop 12) ntp-doc-4.2.8p8-46.8.1.x86_64.rpm | Linux
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016 For Cisco IOS XE Software | NCM
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016 For Cisco NX-OS Software | NCM
Improper Authentication Vulnerability (CVE-2015-7974) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a)
PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234