CVE-2015-7976
Description
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
3.168
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Network Time Protocol daemon and utility programs (USN-3096-1) ntp_4.2.6.p3+dfsg-1ubuntu3.11_i386.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3096-1) ntp_4.2.6.p3+dfsg-1ubuntu3.11_amd64.deb | Linux |
| Network Time Protocol daemon and utility programs (USN-3096-1) ntp_4.2.6.p5+dfsg-3ubuntu2.14.04.10_i386.deb | Linux |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016 For Cisco IOS XE Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016 For Cisco NX-OS Software | NCM |
| CVE-2015-7976 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1706107 | Security Update for Cisco IOS XE Software 5.2(1)SV5(1.3a) |
| PATCH-1706149 | Security Update for Cisco NX-OS Software 4.1(3a)UCSM |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234