VDB

CVE-2016-1547

CVE-2016-1547 PUBLISHED

An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.

EPSS 3.66% · 88.1th percentile

Risk Scores

EPSS Score
3.66%
88.1th percentile

Affected Products

VendorProductVersions
Ubuntu:14.04:LTSntp1:4.2.6.p5+dfsg-3ubuntu2.14.04.2, 1:4.2.6.p5+dfsg-3ubuntu2.14.04.3, 1:4.2.6.p5+dfsg-3ubuntu2.14.04.5
Ubuntu:16.04:LTSntp0, 1:4.2.6.p5+dfsg-3ubuntu8, 1:4.2.6.p5+dfsg-3ubuntu9

Exploit Intelligence

…and 584 more exploits

Timeline

  • Apr 26, 2016 CVE Published
  • May 26, 2017 PoC Published
  • Oct 2, 2020 PoC Published
  • Nov 6, 2020 PoC Published
  • Sep 6, 2021 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›