ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HNtp
APPNtp4.2.84.3.0 – 4.3.93 (bez)4.2.0 – 4.2.8 (bez)Opensuse Leap
OSOpensuse42.1Opensuse
OSOpensuse13.2Oracle Solaris
OSOracle1011.3Siemens Simatic Net Cp 443 1 Opc Ua
HWSiemenswszystkie wersjeSiemens Simatic Net Cp 443 1 Opc Ua Firmware
OSSiemenswszystkie wersjeSiemens Tim 4r Ie
HWSiemenswszystkie wersjeSiemens Tim 4r Ie Dnp3
HWSiemenswszystkie wersjeSiemens Tim 4r Ie Dnp3 Firmware
OSSiemenswszystkie wersjeSiemens Tim 4r Ie Firmware
OSSiemenswszystkie wersjeSUSE Linux Enterprise Desktop
OSSuse12SUSE Linux Enterprise Server
OSSuse1112SUSE Manager
APPSuse2.1SUSE Manager Proxy
APPSuse2.1SUSE Openstack Cloud
APPSuse5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoSAuth Bypass
CWE
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2020-16846CRITICAL9.8⚠ KEVten sam produkt
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...
CVE-2020-14871CRITICAL10.0⚠ KEVten sam produkt
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Su...
CVE-2020-12641CRITICAL9.8⚠ KEVten sam produkt
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacha...
CVE-2020-11651CRITICAL9.8⚠ KEVten sam produkt
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process Clea...