Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

Published

2017-08-07T20:29:00.997

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application ntp ntp < 4.2.8 Yes
Application ntp ntp < 4.3.77 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.5 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Application ntp ntp 4.2.8 Yes
Operating System debian debian_linux 7.0 Yes
Operating System debian debian_linux 8.0 Yes
Operating System debian debian_linux 9.0 Yes
Application netapp oncommand_balance - Yes
Application netapp oncommand_performance_manager - Yes
Application netapp oncommand_unified_manager - Yes
Operating System netapp clustered_data_ontap - Yes
Operating System netapp data_ontap - Yes
References