CVE-2016-1547

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*

History

17 Nov 2021, 22:15

Type Values Removed Values Added
References
  • (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19 -

08 Jun 2021, 12:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf -

Information

Published : 2017-01-06 21:59

Updated : 2024-02-04 19:11


NVD link : CVE-2016-1547

Mitre link : CVE-2016-1547

CVE.ORG link : CVE-2016-1547


JSON object : View

Products Affected

ntp

  • ntp
CWE
CWE-20

Improper Input Validation