5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
0.059 Low
EPSS
Percentile
93.5%
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victimβs ntpd instance.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 11 | all | ntp | <Β 1:4.2.8p14+dfsg-1 | ntp_1:4.2.8p14+dfsg-1_all.deb |
Debian | 12 | all | ntpsec | <Β 1.2.2+dfsg1-1+deb12u1 | ntpsec_1.2.2+dfsg1-1+deb12u1_all.deb |
Debian | 11 | all | ntpsec | <Β 1.2.0+dfsg1-4 | ntpsec_1.2.0+dfsg1-4_all.deb |
Debian | 999 | all | ntpsec | <Β 1.2.3+dfsg1-3 | ntpsec_1.2.3+dfsg1-3_all.deb |
Debian | 13 | all | ntpsec | <Β 1.2.3+dfsg1-3 | ntpsec_1.2.3+dfsg1-3_all.deb |
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
0.059 Low
EPSS
Percentile
93.5%