4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0.089 Low
EPSS
Percentile
94.6%
Problem Description:
A vulnerability was discovered in the NTP serverโs parsing
of configuration directives. [CVE-2017-6464]
A vulnerability was found in NTP, in the parsing of
packets from the DPTS Clock. [CVE-2017-6462]
A vulnerability was discovered in the NTP serverโs parsing
of configuration directives. [CVE-2017-6463]
A vulnerability was found in NTP, affecting the origin
timestamp check function. [CVE-2016-9042]
Impact:
A remote, authenticated attacker could cause ntpd to
crash by sending a crafted message. [CVE-2017-6463,
CVE-2017-6464]
A malicious device could send crafted messages, causing
ntpd to crash. [CVE-2017-6462]
An attacker able to spoof messages from all of the
configured peers could send crafted packets to ntpd, causing
later replies from those peers to be discarded, resulting
in denial of service. [CVE-2016-9042]
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
0.089 Low
EPSS
Percentile
94.6%