CVE-2019-11331 - Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed po

CVE-2019-11331

Summary

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.

References

http://www.securityfocus.com/bid/108010
https://support.f5.com/csp/article/K09940637
https://support.f5.com/csp/article/K09940637?utm_source=f5support&utm_medium=RSS
https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00

Vulnerable Configurations

cpe:2.3:a:ntp:ntp:-:*:*:*:*:*:*:*
cpe:2.3:a:ntp:ntp:-:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	108010
confirm	https://support.f5.com/csp/article/K09940637 https://support.f5.com/csp/article/K09940637?utm_source=f5support&utm_medium=RSS
misc	https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00

Last major update

24-08-2020 - 17:37

Published

18-04-2019 - 22:29

Last modified

24-08-2020 - 17:37