CVE-2015-8140 — Improper Access Control in NTP

CWE-284 — Improper Access Control CWE-294 — Authentication Bypass by Capture-replay CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure CWE-287 — Improper Authentication CWE-39920 documents8 sources

Severity

4.8MEDIUMNVD

EPSS

29.9%

top 3.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

NTP Debian NTP

Timeline

PublishedJan 30

Latest updateMay 17

Description

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

▶debiandebian/ntp< ntp 1:4.2.8p7+dfsg-1 (bullseye)

▶Debianntp/ntp< 1:4.2.8p7+dfsg-1

▶NVDntp/ntp4.2.8

🔴Vulnerability Details

GHSA

GHSA-6wrq-h82h-4vm8: The ntpq protocol in NTP before 4↗2022-05-17

▶

OSV

CVE-2015-8140: The ntpq protocol in NTP before 4↗2017-01-30

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016↗2016-01-28

▶

BSD

FreeBSD-SA-16:09.ntp: Multiple vulnerabilities of ntp↗2016-01-27

▶

Red Hat

ntp: ntpq protocol vulnerable to replay attacks↗2016-01-20

▶

Debian

CVE-2015-8140: ntp - The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct repla...↗2015

▶

Cisco

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016↗

▶

💬Community

Bugzilla

CVE-2015-8140 ntp: ntpq protocol vulnerable to replay attacks↗2016-01-21

▶

Bugzilla

CVE-2015-7974 CVE-2015-8138 CVE-2015-7973 CVE-2015-7975 CVE-2015-7976 CVE-2015-7977 CVE-2015-7978 CVE-2015-7979 CVE-2015-8158 CVE-2015-8139 CVE-2015-8140 ntp: various flaws [fedora-all]↗2016-01-20

▶