CVE-2016-9042

Published Jun 4, 2018

Last updated 5 months ago

CVSS medium 5.9

Overview

Description: An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Source: talos-cna@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 3.7
Impact score: 1.4
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ntp:ntp:4.2.8:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE002C76-406D-4F22-B738-E17BDEA70BCC"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53E56F4F-B418-44DD-9C97-7276A4C58F3E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A1FDA7-BE46-4FAB-A3FD-9A40C770C4AB",
            "versionEndExcluding": "c.4.2.8.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22EFD09A-3D77-47B0-93FB-50F6C13A2F9A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7F488810-73E3-4475-975A-C2FCA037E78B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References