CVE-2016-7428 : ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

Published 2017-01-13 16:59:00

Updated 2019-01-24 11:29:03

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2016-7428

Probability of exploitation activity in the next 30 days: 1.00%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-7428

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.3	MEDIUM	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	2.8	1.4	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2016-7428

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7428

http://www.securityfocus.com/bid/94446

NTP CVE-2016-7428 Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3707-2/

USN-3707-2: NTP vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://nwtime.org/ntp428p9_release/

Network Time Foundation Publishes NTP 4.2.8p9 Security Release
Release Notes;Vendor Advisory

CVEs referencing this url
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc

CVEs referencing this url
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us

HPESBUX03706 rev.1 - HP-UX NTP service running ntpd, Multiple Vulnerabilities

CVEs referencing this url
https://bto.bluecoat.com/security-advisory/sa139

SA139 : November 2016 NTP Security Vulnerabilities

CVEs referencing this url
http://support.ntp.org/bin/view/Main/NtpBug3113

NtpBug3113 < Main < NTP
Issue Tracking;Mitigation;Vendor Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us

HPESBHF03883 rev.1 - HPE Comware 5 and Comware 7 Products using NTP, Remote Denial of Service

CVEs referencing this url
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us

HPESBHF03899 rev.1 - HPE Converged System 700 Virtual Services Router (VSR) using NTP

CVEs referencing this url
https://www.kb.cert.org/vuls/id/633847

VU#633847 - NTP.org ntpd contains multiple denial of service vulnerabilities
Third Party Advisory;US Government Resource

CVEs referencing this url
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities

SecurityNotice < Main < NTP
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1037354

ntp Multiple Bugs Let Remote Users Cause the Target Service to Crash - SecurityTracker

CVEs referencing this url

Products affected by CVE-2016-7428

NTP » NTP » Version: 4.2.8 Update P6
cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P7
cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*
Matching versions
NTP » NTP » Version: 4.2.8 Update P8
cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-7428

Exploit prediction scoring system (EPSS) score for CVE-2016-7428

CVSS scores for CVE-2016-7428

CWE ids for CVE-2016-7428

References for CVE-2016-7428

Products affected by CVE-2016-7428