Vulnerability Description
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meinberg | NTP Server Firmware | <= 6.0 |
| Meinberg | IMS-LANTIME M1000 | - |
| Meinberg | IMS-LANTIME M3000 | - |
| Meinberg | IMS-LANTIME M500 | - |
| Meinberg | LANTIME M100 | - |
| Meinberg | LANTIME M200 | - |
| Meinberg | LANTIME M300 | - |
| Meinberg | LANTIME M400 | - |
| Meinberg | LANTIME M600 | - |
| Meinberg | LANTIME M900 | - |
| Meinberg | LCES | - |
| Meinberg | SyncFire 1100 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03 (Third Party Advisory, US Government Resource)
- https://www.exploit-db.com/exploits/40120/
FAQ
What is CVE-2016-3962?
CVE-2016-3962 is a vulnerability with a CVSS score of 7.3 (HIGH). Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, L...
How severe is CVE-2016-3962?
CVE-2016-3962 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-3962?
Check the references section above for vendor advisories and patch information. Affected products include: Meinberg NTP Server Firmware, Meinberg IMS-LANTIME M1000, Meinberg IMS-LANTIME M3000, Meinberg IMS-LANTIME M500, Meinberg LANTIME M100.