VDB
CVE-2017-10624
CVE-2017-10624
PUBLISHED
An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.
EPSS 0.10% · 26.9th percentile
Risk Scores
EPSS Score
0.10%
26.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NTPsec Project | NTPSec | a5fb34b9cc89b92a8fef2f459004865c93bb7f92 |
| NTP Project | NTP | 4.2.8p4, * |
Exploit Intelligence
- Trinadh465/linux-4.1.15_CVE-2017-1000371 (github-poc)
- Trinadh465/linux-4.1.15_CVE-2017-1000371 (github-poc)
- Trinadh465/linux-4.1.15_CVE-2017-1000371 (github-poc)
- Trinadh465/linux-4.1.15_CVE-2017-1000371 (github-poc)
- CVE-2017-1000367 (github-poc)
- CVE-2017-1000367 (github-poc)
- CVE-2017-1000367 (github-poc)
- CVE-2017-1000367 (github-poc)
- own implementation of the CVE-2017-1000367 sudo privilege escalation vulnerability in python (github-poc)
- own implementation of the CVE-2017-1000367 sudo privilege escalation vulnerability in python (github-poc)
…and 149 more exploits
Timeline
- May 26, 2017 PoC Published
- Oct 13, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jun 28, 2021 PoC Published
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 11, 2021 PoC Published
- Dec 13, 2021 PoC Published
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
References
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10826&cat=SIRT_1&actp=LIST advisory
- 88276 vdb
- DSA-3629 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html url
- RHSA-2016:1141 vendor-advisory
- RHSA-2016:1552 vendor-advisory
- 1035705 vdb
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html url
- https://security.netapp.com/advisory/ntap-20171004-0002/ url
- http://www.talosintelligence.com/reports/TALOS-2016-0081/ url
- FreeBSD-SA-16:16 vendor-advisory
- GLSA-201607-15 vendor-advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf url
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11 url
- https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf url
- https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19 url