Base Score

CRITICAL9.8

CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 07, 2017, 20:29

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00093.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
http://packetstormsecurity.com/files/134137/Slackware-Security-Advisory-ntp-Updates.html
http://support.ntp.org/bin/view/Main/NtpBug2901
http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_4_2_8p4_Securit
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
http://www.securityfocus.com/archive/1/536737/100/0/threaded
http://www.securityfocus.com/archive/1/536796/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/536737/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/536796/100/100/threaded
http://www.securityfocus.com/bid/77284
http://www.securitytracker.com/id/1033951
http://www.ubuntu.com/usn/USN-2783-1
https://bto.bluecoat.com/security-advisory/sa103
https://bugzilla.redhat.com/show_bug.cgi?id=1274184
https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
https://eprint.iacr.org/2015/1020.pdf
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05270839
https://security.gentoo.org/glsa/201607-15
https://security.netapp.com/advisory/ntap-20171004-0001/
https://support.citrix.com/article/CTX220112
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11
https://www.arista.com/en/support/advisories-notices/security-advisories/1212-security-advisory-0016
https://www.cs.bu.edu/~goldbe/NTPattack.html
https://www.kb.cert.org/vuls/id/718152

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH