Vulnerability Details : CVE-2015-7974
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Vulnerability category: BypassGain privilege
Products affected by CVE-2015-7974
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7974
2.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7974
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST | |
7.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N |
3.1
|
4.0
|
NIST |
CWE ids for CVE-2015-7974
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7974
-
https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf
Third Party Advisory
-
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us
HPESBHF03766 rev.1 - HPE ConvergedSystem 700 Solution with Comware v5 Switches using NTP, Remote Denial of Service (DoS), Unauthorized Modification and Local Denial of Service (DoS)Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2583.html
RHSA-2016:2583 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1034782
ntp Multiple Flaws Let Remote Users Spoof Messages, Obtain Potentially Sensitive Information, and Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
https://security.gentoo.org/glsa/201607-15
NTP: Multiple vulnerabilities (GLSA 201607-15) — Gentoo securityThird Party Advisory
-
http://www.talosintel.com/reports/TALOS-2016-0071/
TALOS-2016-0071 || Cisco Talos Intelligence Group - Comprehensive Threat IntelligenceExploit;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20171031-0001/
January 2016 Network Time Protocol Daemon (ntpd) Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
Third Party Advisory
-
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11
Siemens TIM 4R-IE Devices | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/81960
NTP CVE-2015-7974 Symmetric Key Encryption Authentication Security Bypass VulnerabilityThird Party Advisory;VDB Entry
-
http://bugs.ntp.org/show_bug.cgi?id=2936
Issue Tracking;Vendor Advisory
-
http://support.ntp.org/bin/view/Main/NtpBug2936
NtpBug2936 < Main < NTPVendor Advisory
-
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us
HPESBHF03750 rev.1 - HPE Network Products including Comware 5, Comware 7 and VCX running NTP, Remote Denial of Service (DoS), Unauthorized Modification, Local Denial of Service (DoS)Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3629
Debian -- Security Information -- DSA-3629-1 ntpThird Party Advisory
Jump to