Base Score

MEDIUM5.3

CVE-2015-5146

ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 24, 2017, 20:29

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH