CVE-2015-8140

MEDIUM

ntp < 4.2.8 - Replay Attack via ntpq Protocol

Title source: llm
STIX 2.1

Description

The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.

References (14)

Core 14
Core References
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034782
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html
Vendor Advisory x_refsource_confirm
http://support.ntp.org/bin/view/Main/NtpBug2947
Various Sources vendor-advisory x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc
Third Party Advisory x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa113
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201607-15
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200204-0003/
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/718152

Scores

CVSS v3 4.8
EPSS 0.0464
EPSS Percentile 90.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-284
Status published
Products (1)
ntp/ntp < 4.2.8
Published Jan 30, 2017
Tracked Since Feb 18, 2026