CVE-2016-1547
Description
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
3.664
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2016:1568-1(SUSE Linux Enterprise Desktop 12 ) ntp-4.2.8p8-46.8.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1568-1(SUSE Linux Enterprise Desktop 12 ) ntp-debuginfo-4.2.8p8-46.8.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1568-1(SUSE Linux Enterprise Desktop 12 ) ntp-debugsource-4.2.8p8-46.8.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1568-1(SUSE Linux Enterprise Desktop 12 ) ntp-doc-4.2.8p8-46.8.1.x86_64.rpm | Linux |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Application and Content Networking System (ACNS) Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Application Policy Infrastructure Controller (APIC) | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Digital Content Manager (DCM) Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Emergency Responder | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Jabber Guest | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco MediaSense | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Prime Infrastructure | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Prime Network Services Controller | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Prime Service Catalog | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco TelePresence ISDN Link | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco UCS Director | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Unified SIP Proxy | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Unity Connection | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Unity Express | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Applications for Cisco Unified Application Environment | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Cloud Portal | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco IronPort Encryption Appliance Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Email Encryption | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Firepower Management Center Virtual Appliance | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco 1000 Series Connected Grid Routers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Data Center Network Manager | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For CiscoPro Workgroup EtherSwitch Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Nexus 1000V Switch for VMware vSphere | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco UCS Central Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Prime Collaboration | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Virtual Topology System | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Network Convergence System 540 Series Routers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Collaboration Meeting Rooms (CMR) | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Digital Media Manager | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Video Networking Solutions | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Unified Communications Licensing | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Telepresence Integrator C Series | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco IPICS Server Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Videoscape Distribution Suite for Internet Streaming | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Enterprise CDN Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco NAC Appliance (Clean Access) | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco NAC Appliance 3300 Series | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco ASA Next-Generation Firewall Services | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Physical Access Gateways | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Video Surveillance Manager | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Identity Services Engine | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco IPS 4200 Series Sensors | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Videoscape Distribution Suite Transparent Caching | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco ASR 1000 Series Aggregation Services Routers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Cloud Services Router 1000V Series | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 3850 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 3650 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco 4000 Series Integrated Services Routers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco 1000 Series Integrated Services Routers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 9300 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 9500 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 9400 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco 1100 Series Industrial Integrated Services Routers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 9200 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 9600 Series Switches | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Catalyst 9800 Series Wireless Controllers | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco TelePresence Administration Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Unified MeetingPlace | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Virtualization Experience Client 6000 Series | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Wide Area Application Services (WAAS) Appliances | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco Prime Network Analysis Module Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For Cisco TelePresence Video Communication Server Software | NCM |
| Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016 For MPEG-4 Encoders | NCM |
| CVE-2016-1547 | NCM |
| Improper Input Validation Vulnerability (CVE-2016-1547) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705634 | Security Update for Cisco Application and Content Networking System (ACNS) Software 3.0(0)A5(3.1a) |
| PATCH-1706006 | Security Update for Cisco Application Policy Infrastructure Controller (APIC) 1.3(2k) |
| PATCH-1706007 | Security Update for Cisco Digital Content Manager (DCM) Software 20.0.0 |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1705783 | Security Update for Cisco Jabber Guest 10.6(11) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705595 | Security Update for Cisco Prime Infrastructure 2.2(2) |
| PATCH-1701930 | Security Update for Cisco Prime Network Services Controller 21.2.A0.65491 |
| PATCH-1706010 | Security Update for Cisco Prime Service Catalog 11.1_VA_OS_Patch |
| PATCH-1705893 | Security Update for Cisco TelePresence ISDN Link IL1.1.7 |
| PATCH-1705947 | Security Update for Cisco UCS Director 6.0(1.0) |
| PATCH-1705497 | Security Update for Cisco Unified SIP Proxy 8.5(5) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1703070 | Security Update for Cisco Unity Express 6.2.1 |
| PATCH-1700385 | Security Update for Cisco Cloud Portal 10.0 |
| PATCH-1705938 | Security Update for Cisco Firepower Management Center Virtual Appliance 6.1.0.1 |
| PATCH-1705873 | Security Update for Cisco 1000 Series Connected Grid Routers 15.6(3.0q)M |
| PATCH-1706034 | Security Update for Cisco Data Center Network Manager 10.1(1.158)S0 |
| PATCH-1706035 | Security Update for CiscoPro Workgroup EtherSwitch Software 6.0(2)A8(4) |
| PATCH-1705949 | Security Update for Cisco Nexus 1000V Switch for VMware vSphere 5.2(1)SV3(3.1) |
| PATCH-1705950 | Security Update for Cisco UCS Central Software 2.0(1a) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1705711 | Security Update for Cisco Virtual Topology System 2.2(1) |
| PATCH-1706041 | Security Update for Cisco Network Convergence System 540 Series Routers 6.4.1.8i.BASE |
| PATCH-1705797 | Security Update for Cisco Digital Media Manager 5.6.3 |
| PATCH-1705954 | Security Update for Cisco Video Networking Solutions 2.6.9 |
| PATCH-1706042 | Security Update for Cisco Unified Communications Licensing 11.5(1.12001.2) |
| PATCH-1706043 | Security Update for Cisco Telepresence Integrator C Series 9.1.1 |
| PATCH-1705988 | Security Update for Cisco IPICS Server Software 4.10(2) |
| PATCH-1705993 | Security Update for Cisco Videoscape Distribution Suite for Internet Streaming 3.11(6.2) |
| PATCH-1705827 | Security Update for Cisco Enterprise CDN Software 5.5(41.2) |
| PATCH-1705725 | Security Update for Cisco NAC Appliance (Clean Access) 4.9(5) |
| PATCH-1705897 | Security Update for Cisco ASA Next-Generation Firewall Services 100.6(0.0.181) |
| PATCH-1706045 | Security Update for Cisco Video Surveillance Manager 7.10 |
| PATCH-1706002 | Security Update for Cisco Identity Services Engine 2.0(0.905) |
| PATCH-1705754 | Security Update for Cisco IPS 4200 Series Sensors 7.3(5)P1 |
| PATCH-1705898 | Security Update for Cisco ASR 1000 Series Aggregation Services Routers Denali-16.3.4a |
| PATCH-1705899 | Security Update for Cisco Cloud Services Router 1000V Series Denali-16.3.4a |
| PATCH-1705900 | Security Update for Cisco Catalyst 3850 Series Switches Denali-16.3.4a |
| PATCH-1705832 | Security Update for Cisco Catalyst 3650 Series Switches Everest-16.5.1 |
| PATCH-1705901 | Security Update for Cisco 4000 Series Integrated Services Routers Denali-16.3.4a |
| PATCH-1705902 | Security Update for Cisco 1000 Series Integrated Services Routers Denali-16.3.4a |
| PATCH-1705903 | Security Update for Cisco Catalyst 9300 Series Switches Denali-16.3.4a |
| PATCH-1705904 | Security Update for Cisco Catalyst 9500 Series Switches Denali-16.3.4a |
| PATCH-1705905 | Security Update for Cisco Catalyst 9400 Series Switches Denali-16.3.4a |
| PATCH-1705906 | Security Update for Cisco 1100 Series Industrial Integrated Services Routers Denali-16.3.4a |
| PATCH-1705907 | Security Update for Cisco Catalyst 9200 Series Switches Denali-16.3.4a |
| PATCH-1705908 | Security Update for Cisco Catalyst 9600 Series Switches Denali-16.3.4a |
| PATCH-1705909 | Security Update for Cisco Catalyst 9800 Series Wireless Controllers Denali-16.3.4a |
| PATCH-1705874 | Security Update for Cisco TelePresence Administration Software 6.1.13_3 |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1705973 | Security Update for Cisco Unified MeetingPlace 8.6(2.45) |
| PATCH-1705446 | Security Update for Cisco Virtualization Experience Client 6000 Series 9.3(0) |
| PATCH-1706001 | Security Update for Cisco Wide Area Application Services (WAAS) Appliances 6.3(0.185) |
| PATCH-1706008 | Security Update for Cisco Prime Network Analysis Module Software 6.2(3) |
| PATCH-1706044 | Security Update for Cisco TelePresence Video Communication Server Software X8.9.2 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234