← Back

CVE-2015-7871

nvd nist
Published: Aug 7, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

Affected (91)

Ntp
1 product
Ntp
Debian
1 product
Debian Linux
Netapp
5 products
Clustered Data Ontap
Data Ontap
Oncommand Balance
Oncommand Performance Manager
Oncommand Unified Manager
Configuration A
83 vulnerable
Vulnerable SoftwareAffected Versions
Ntp
Ntp
From 4.2.6 to 4.2.8
Ntp
From 4.3.0 to 4.3.77
Ntp
Version 4.2.5 p186
Ntp
Version 4.2.5 p187
Ntp
Version 4.2.5 p188
Ntp
Version 4.2.5 p189
Ntp
Version 4.2.5 p190
Ntp
Version 4.2.5 p191
Ntp
Version 4.2.5 p192
Ntp
Version 4.2.5 p193
Ntp
Version 4.2.5 p194
Ntp
Version 4.2.5 p195
Ntp
Version 4.2.5 p196
Ntp
Version 4.2.5 p197
Ntp
Version 4.2.5 p198
Ntp
Version 4.2.5 p199
Ntp
Version 4.2.5 p200
Ntp
Version 4.2.5 p201
Ntp
Version 4.2.5 p202
Ntp
Version 4.2.5 p203
Ntp
Version 4.2.5 p204
Ntp
Version 4.2.5 p205
Ntp
Version 4.2.5 p206
Ntp
Version 4.2.5 p207
Ntp
Version 4.2.5 p208
Ntp
Version 4.2.5 p209
Ntp
Version 4.2.5 p210
Ntp
Version 4.2.5 p211
Ntp
Version 4.2.5 p212
Ntp
Version 4.2.5 p213
Ntp
Version 4.2.5 p214
Ntp
Version 4.2.5 p215
Ntp
Version 4.2.5 p216
Ntp
Version 4.2.5 p217
Ntp
Version 4.2.5 p218
Ntp
Version 4.2.5 p219
Ntp
Version 4.2.5 p220
Ntp
Version 4.2.5 p221
Ntp
Version 4.2.5 p222
Ntp
Version 4.2.5 p223
Ntp
Version 4.2.5 p224
Ntp
Version 4.2.5 p225
Ntp
Version 4.2.5 p226
Ntp
Version 4.2.5 p227
Ntp
Version 4.2.5 p228
Ntp
Version 4.2.5 p229
Ntp
Version 4.2.5 p230
Ntp
Version 4.2.5 p231_rc1
Ntp
Version 4.2.5 p232_rc1
Ntp
Version 4.2.5 p233_rc1
Ntp
Version 4.2.5 p234_rc1
Ntp
Version 4.2.5 p235_rc1
Ntp
Version 4.2.5 p236_rc1
Ntp
Version 4.2.5 p237_rc1
Ntp
Version 4.2.5 p238_rc1
Ntp
Version 4.2.5 p239_rc1
Ntp
Version 4.2.5 p240_rc1
Ntp
Version 4.2.5 p241_rc1
Ntp
Version 4.2.5 p242_rc1
Ntp
Version 4.2.5 p243_rc1
Ntp
Version 4.2.5 p244_rc1
Ntp
Version 4.2.5 p245_rc1
Ntp
Version 4.2.5 p246_rc1
Ntp
Version 4.2.5 p247_rc1
Ntp
Version 4.2.5 p248_rc1
Ntp
Version 4.2.5 p249_rc1
Ntp
Version 4.2.5 p250_rc1
Ntp
Version 4.2.8 p1-beta1
Ntp
Version 4.2.8 p1-beta2
Ntp
Version 4.2.8 p1-beta3
Ntp
Version 4.2.8 p1-beta4
Ntp
Version 4.2.8 p1-beta5
Ntp
Version 4.2.8 p1-rc1
Ntp
Version 4.2.8 p1-rc2
Ntp
Version 4.2.8 p1
Ntp
Version 4.2.8 p2-rc1
Ntp
Version 4.2.8 p2-rc2
Ntp
Version 4.2.8 p2-rc3
Ntp
Version 4.2.8 p2
Ntp
Version 4.2.8 p3-rc1
Ntp
Version 4.2.8 p3-rc2
Ntp
Version 4.2.8 p3-rc3
Ntp
Version 4.2.8 p3
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
5 vulnerable
Vulnerable SoftwareAffected Versions
Clustered Data Ontap
All versions
Data Ontap
All versions
Oncommand Balance
All versions
Oncommand Performance Manager
All versions
Oncommand Unified Manager
All versions

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (20)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Issue TrackingThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.