Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-7185

The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.

Published

2018-03-06T20:29:01.500

Last Modified

2025-01-14T19:29:55.853

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ntp	ntp	< 4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	ntp	ntp	4.2.8	Yes
Application	synology	router_manager	< 1.1.6-6931-3	Yes
Application	synology	skynas	< 6.1.5-15254	Yes
Application	synology	virtual_diskstation_manager	< 6.1.6-15266	Yes
Operating System	synology	diskstation_manager	< 6.1.6-15266	Yes
Operating System	synology	vs960hd_firmware	< 2.2.3-1505	Yes
Hardware	synology	vs960hd	-	No
Operating System	canonical	ubuntu_linux	12.04	Yes
Operating System	canonical	ubuntu_linux	14.04	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	17.10	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Application	netapp	hci	-	Yes
Application	netapp	solidfire	-	Yes
Application	hpe	hpux-ntp	< c.4.2.8.4.0	Yes
Operating System	oracle	fujitsu_m10-1_firmware	< xcp2361	Yes
Hardware	oracle	fujitsu_m10-1	-	No
Operating System	oracle	fujitsu_m10-4_firmware	< xcp2361	Yes
Hardware	oracle	fujitsu_m10-4	-	No
Operating System	oracle	fujitsu_m10-4s_firmware	< xcp2361	Yes
Hardware	oracle	fujitsu_m10-4s	-	No
Operating System	oracle	fujitsu_m12-1_firmware	< xcp2361	Yes
Hardware	oracle	fujitsu_m12-1	-	No
Operating System	oracle	fujitsu_m12-2_firmware	< xcp2361	Yes
Hardware	oracle	fujitsu_m12-2	-	No
Operating System	oracle	fujitsu_m12-2s_firmware	< xcp2361	Yes
Hardware	oracle	fujitsu_m12-2s	-	No
Operating System	oracle	fujitsu_m10-1_firmware	< xcp3070	Yes
Hardware	oracle	fujitsu_m10-1	-	No
Operating System	oracle	fujitsu_m10-4_firmware	< xcp3070	Yes
Hardware	oracle	fujitsu_m10-4	-	No
Operating System	oracle	fujitsu_m10-4s_firmware	< xcp3070	Yes
Hardware	oracle	fujitsu_m10-4s	-	No
Operating System	oracle	fujitsu_m12-1_firmware	< xcp3070	Yes
Hardware	oracle	fujitsu_m12-1	-	No
Operating System	oracle	fujitsu_m12-2_firmware	< xcp3070	Yes
Hardware	oracle	fujitsu_m12-2	-	No
Operating System	oracle	fujitsu_m12-2s_firmware	< xcp3070	Yes
Hardware	oracle	fujitsu_m12-2s	-	No

References

http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html Third Party Advisory, VDB Entry ([email protected])
http://support.ntp.org/bin/view/Main/NtpBug3454 Mitigation, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/541824/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/103339 Third Party Advisory, VDB Entry ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201805-12 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20180626-0001/ Third Party Advisory ([email protected])
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us Third Party Advisory ([email protected])
https://usn.ubuntu.com/3707-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/3707-2/ Third Party Advisory ([email protected])
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Third Party Advisory ([email protected])
https://www.synology.com/support/security/Synology_SA_18_13 Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://support.ntp.org/bin/view/Main/NtpBug3454 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/541824/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/103339 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201805-12 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20180626-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03962en_us Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3707-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/3707-2/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.synology.com/support/security/Synology_SA_18_13 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)