PT-2019-6080 · Ntp · Network Time Protocol

Publicado

2019-04-16

Atualizado

2020-08-24

CVE-2019-11331

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Network Time Protocol (NTP) (affected versions not specified)

Description The issue is related to insufficient protection of service data during port randomization in the Network Time Protocol (NTP). This can be exploited by a remote attacker to cause a denial of service by connecting through port 123. The protocol's use of port 123, as specified in RFC 5905, even in modes where a fixed port number is not required, makes it easier for remote attackers to conduct off-path attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254CWE-200

Identificadores relacionados

BDU:2021-04789

CVE-2019-11331

Produtos afetados

Network Time Protocol

PT-2019-6080 · Ntp · Network Time Protocol

CVE-2019-11331

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8