High severity7.7NVD Advisory· Published Jan 26, 2016· Updated Jun 17, 2026
CVE-2015-7974
CVE-2015-7974
Description
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
51- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*range: >=4.2.0,<4.2.8
- cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
- (no CPE)range: 4.x < 4.2.8p6, 4.3.x < 4.3.90
- cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
- osv-coords24 versionspkg:rpm/opensuse/ntp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/ntp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/ntp&distro=SUSE%20Manager%202.1pkg:rpm/suse/ntp&distro=SUSE%20Manager%20Proxy%202.1pkg:rpm/suse/ntp&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSSpkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012pkg:rpm/suse/yast2-ntp-client&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
< 4.2.8p9-1.1+ 23 more
- (no CPE)range: < 4.2.8p9-1.1
- (no CPE)range: < 4.2.8p6-46.5.2
- (no CPE)range: < 4.2.8p6-8.2
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-8.2
- (no CPE)range: < 4.2.8p6-46.5.2
- (no CPE)range: < 4.2.8p6-8.2
- (no CPE)range: < 4.2.8p6-8.2
- (no CPE)range: < 4.2.8p6-46.5.2
- (no CPE)range: < 4.2.8p6-8.2
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 4.2.8p6-41.1
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 3.1.22-6.2
- (no CPE)range: < 2.17.14.1-1.12.1
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 3.1.22-6.2
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 3.1.22-6.2
- (no CPE)range: < 3.1.12.4-8.2
- (no CPE)range: < 3.1.22-6.2
Patches
Vulnerability mechanics
References
14- www.talosintel.com/reports/TALOS-2016-0071/nvdExploitThird Party Advisory
- bugs.ntp.org/show_bug.cginvdIssue TrackingVendor Advisory
- rhn.redhat.com/errata/RHSA-2016-2583.htmlnvdThird Party Advisory
- support.ntp.org/bin/view/Main/NtpBug2936nvdVendor Advisory
- www.debian.org/security/2016/dsa-3629nvdThird Party Advisory
- www.securityfocus.com/bid/81960nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034782nvdThird Party AdvisoryVDB Entry
- cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfnvdThird Party Advisory
- h20566.www2.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- h20566.www2.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- security.freebsd.org/advisories/FreeBSD-SA-16:09.ntp.ascnvdThird Party Advisory
- security.gentoo.org/glsa/201607-15nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20171031-0001/nvdThird Party Advisory
- us-cert.cisa.gov/ics/advisories/icsa-21-103-11nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.