CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
38.7%
NTPsec is prone to an improper filtering vulnerability.
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ntpsec:ntpsec";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.114365");
script_version("2024-02-20T14:37:13+0000");
script_tag(name:"last_modification", value:"2024-02-20 14:37:13 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2024-02-20 09:23:30 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-06-21 13:55:34 +0000 (Mon, 21 Jun 2021)");
script_cve_id("CVE-2021-22212");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("NTPsec < 1.2.1 Improper Filtering Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("General");
script_dependencies("ntp_open.nasl");
script_mandatory_keys("ntpsec/detected");
script_tag(name:"summary", value:"NTPsec is prone to an improper filtering vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"ntpkeygen can generate keys that ntpd fails to parse. NTPsec
allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or
fails to load these keys entirely, depending on the key type and the placement of the '#'. This
results in the administrator not being able to use the keys as expected or the keys are shorter
than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients
and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them, but for
other types there is no message as any length can be used for the legacy MAC. The key file is
normally only writable by administrators.");
script_tag(name:"affected", value:"NTPsec versions prior to 1.2.1.");
script_tag(name:"solution", value:"Update to version 1.2.1 or later.");
script_xref(name:"URL", value:"https://gitlab.com/NTPsec/ntpsec/-/issues/699");
script_xref(name:"URL", value:"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22212.json");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!infos = get_app_full(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
proto = infos["proto"];
if (version_is_less(version: version, test_version: "1.2.1")) {
report = report_fixed_ver(installed_version: version, fixed_version: "1.2.1", install_path: location);
security_message(port: port, proto: proto, data: report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
38.7%