PT-2016-5780 · Meinberg · Meinberg Lantime M300+10
B0Yd
+1
Published: 2016-07-03 · Updated: 2017-09-03
CVE-2016-3962
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Meinberg IMS-LANTIME M3000 versions prior to 6.20.004
Meinberg IMS-LANTIME M1000 versions prior to 6.20.004
Meinberg IMS-LANTIME M500 versions prior to 6.20.004
Meinberg LANTIME M900 versions prior to 6.20.004
Meinberg LANTIME M600 versions prior to 6.20.004
Meinberg LANTIME M400 versions prior to 6.20.004
Meinberg LANTIME M300 versions prior to 6.20.004
Meinberg LANTIME M200 versions prior to 6.20.004
Meinberg LANTIME M100 versions prior to 6.20.004
Meinberg SyncFire 1100 versions prior to 6.20.004
Meinberg LCES versions prior to 6.20.004
Description
A stack-based buffer overflow issue exists in the NTP time-server interface, allowing remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request to a vulnerable API endpoint.
Recommendations
Update the firmware of Meinberg IMS-LANTIME M3000 to version 6.20.004 or later.
Update the firmware of Meinberg IMS-LANTIME M1000 to version 6.20.004 or later.
Update the firmware of Meinberg IMS-LANTIME M500 to version 6.20.004 or later.
Update the firmware of Meinberg LANTIME M900 to version 6.20.004 or later.
Update the firmware of Meinberg LANTIME M600 to version 6.20.004 or later.
Update the firmware of Meinberg LANTIME M400 to version 6.20.004 or later.
Update the firmware of Meinberg LANTIME M300 to version 6.20.004 or later.
Update the firmware of Meinberg LANTIME M200 to version 6.20.004 or later.
Update the firmware of Meinberg LANTIME M100 to version 6.20.004 or later.
Update the firmware of Meinberg SyncFire 1100 to version 6.20.004 or later.
Update the firmware of Meinberg LCES to version 6.20.004 or later.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Meinberg IMS-LANTIME M1000
Meinberg IMS-LANTIME M3000
Meinberg IMS-LANTIME M500
Meinberg LANTIME M100
Meinberg LANTIME M200
Meinberg LANTIME M300
Meinberg LANTIME M400
Meinberg LANTIME M600
Meinberg LANTIME M900
Meinberg LCES
Meinberg SyncFire 1100