CVE-2015-7848 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2015-7848?

CVE-2015-7848 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7848?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Clustered Data Ontap, Netapp Data Ontap Operating In 7-Mode, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager.

Vulnerability Description

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netapp	Clustered Data Ontap	-
Netapp	Data Ontap Operating In 7-Mode	-
Netapp	Oncommand Balance	-
Netapp	Oncommand Performance Manager	-
Netapp	Oncommand Unified Manager	-
Ntp	Ntp	>= 4.0, < 4.2.8

Related Weaknesses (CWE)

CWE-190

References

http://www.securityfocus.com/bid/77275Broken Link
http://www.securitytracker.com/id/1033951Broken Link
http://www.talosintelligence.com/reports/TALOS-2015-0052/ExploitTechnical DescriptionThird Party Advisory
https://security.gentoo.org/glsa/201607-15Third Party Advisory
https://security.netapp.com/advisory/ntap-20171004-0001/Third Party Advisory
http://www.securityfocus.com/bid/77275Broken Link
http://www.securitytracker.com/id/1033951Broken Link
http://www.talosintelligence.com/reports/TALOS-2015-0052/ExploitTechnical DescriptionThird Party Advisory
https://security.gentoo.org/glsa/201607-15Third Party Advisory
https://security.netapp.com/advisory/ntap-20171004-0001/Third Party Advisory

FAQ

What is CVE-2015-7848?

CVE-2015-7848 is a vulnerability with a CVSS score of 7.5 (HIGH). An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct ...

How severe is CVE-2015-7848?

CVE-2015-7848 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7848?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Clustered Data Ontap, Netapp Data Ontap Operating In 7-Mode, Netapp Oncommand Balance, Netapp Oncommand Performance Manager, Netapp Oncommand Unified Manager.