Vulnerability Description
Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
CVSS Score
7.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meinberg | NTP Server Firmware | <= 6.0 |
| Meinberg | IMS-LANTIME M1000 | - |
| Meinberg | IMS-LANTIME M3000 | - |
| Meinberg | IMS-LANTIME M500 | - |
| Meinberg | LANTIME M100 | - |
| Meinberg | LANTIME M200 | - |
| Meinberg | LANTIME M300 | - |
| Meinberg | LANTIME M400 | - |
| Meinberg | LANTIME M600 | - |
| Meinberg | LANTIME M900 | - |
| Meinberg | LCES | - |
| Meinberg | SyncFire 1100 | - |
Related Weaknesses (CWE)
References
- https://ics-cert.us-cert.gov/advisories/ICSA-16-175-03 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2016-3988?
CVE-2016-3988 is a vulnerability with a CVSS score of 7.3 (HIGH). Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTI...
How severe is CVE-2016-3988?
CVE-2016-3988 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-3988?
Check the references section above for vendor advisories and patch information. Affected products include: Meinberg NTP Server Firmware, Meinberg IMS-LANTIME M1000, Meinberg IMS-LANTIME M3000, Meinberg IMS-LANTIME M500, Meinberg LANTIME M100.