CVE-2015-7851 — Vulnetix

CVE-2015-7851 PUBLISHED CVSS 6.5 MEDIUM

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.

EPSS 0.49% · 65.9th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.49%

65.9th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
ntp	ntp	4.3.0, 4.2.8, 4.2.8

Exploit Intelligence

http://support.ntp.org/bin/view/Main/SecurityNotice (circl)
http://support.ntp.org/bin/view/Main/NtpBug2918 (circl)
http://www.talosintel.com/reports/TALOS-2015-0062/ (vulncheck-nvd)

Timeline

Jan 28, 2020 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
Jul 16, 2023 EPSS Score
Sep 7, 2023 EPSS Score

References

Open in Interactive Console →