High severity7.7NVD Advisory· Published Jan 26, 2016· Updated May 6, 2026
CVE-2015-7974
CVE-2015-7974
Description
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Affected products
26- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*range: >=4.2.0,<4.2.8
- cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*
- cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- www.talosintel.com/reports/TALOS-2016-0071/nvdExploitThird Party Advisory
- bugs.ntp.org/show_bug.cginvdIssue TrackingVendor Advisory
- rhn.redhat.com/errata/RHSA-2016-2583.htmlnvdThird Party Advisory
- support.ntp.org/bin/view/Main/NtpBug2936nvdVendor Advisory
- www.debian.org/security/2016/dsa-3629nvdThird Party Advisory
- www.securityfocus.com/bid/81960nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034782nvdThird Party AdvisoryVDB Entry
- cert-portal.siemens.com/productcert/pdf/ssa-497656.pdfnvdThird Party Advisory
- h20566.www2.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- h20566.www2.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- security.freebsd.org/advisories/FreeBSD-SA-16:09.ntp.ascnvdThird Party Advisory
- security.gentoo.org/glsa/201607-15nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20171031-0001/nvdThird Party Advisory
- us-cert.cisa.gov/ics/advisories/icsa-21-103-11nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.