CVE-2016-1567
Published Jan 26, 2016
Last updated 8 years ago
Overview
- Description
- chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-254
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tuxfamily:chrony:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E8A8582-01A0-4CED-B30D-3319B5174F26",
"versionEndIncluding": "1.31.1"
},
{
"criteria": "cpe:2.3:a:tuxfamily:chrony:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CCFD400-0554-4328-8050-E99B22CD22B3"
},
{
"criteria": "cpe:2.3:a:tuxfamily:chrony:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B7204DA-395F-427C-9980-7649CB636A97"
},
{
"criteria": "cpe:2.3:a:tuxfamily:chrony:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9CF3097-1FD9-47F0-B34B-210E35ECB5DD"
},
{
"criteria": "cpe:2.3:a:tuxfamily:chrony:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1A61900-971A-4A21-9BF0-C32696A9E1DD"
}
],
"operator": "OR"
}
]
}
]