VDB

CVE-2016-2517

CVE-2016-2517 PUBLISHED

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.

EPSS 3.01% · 86.9th percentile

Risk Scores

EPSS Score
3.01%
86.9th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:14.04:LTSntp0, 1:4.2.6.p5+dfsg-3ubuntu2.14.04.1, 1:4.2.6.p5+dfsg-3ubuntu2.14.04.2
Ubuntu:16.04:LTSntp0, 1:4.2.6.p5+dfsg-3ubuntu8, 1:4.2.6.p5+dfsg-3ubuntu9

Exploit Intelligence

…and 566 more exploits

Timeline

  • Apr 26, 2016 CVE Published
  • Oct 2, 2020 PoC Published
  • Nov 6, 2020 PoC Published
  • Sep 6, 2021 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Dec 18, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 25, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›