1. Home
  2. CVE Database
  3. CVE-2016-2517
MEDIUM · 5.3

CVE-2016-2517

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending ...

Vulnerability Description

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
NtpNtp<= 4.2.8

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2016-2517?

CVE-2016-2517 is a vulnerability with a CVSS score of 5.3 (MEDIUM). NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending ...

How severe is CVE-2016-2517?

CVE-2016-2517 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2517?

Check the references section above for vendor advisories and patch information. Affected products include: Ntp Ntp.