{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T02:28:48.813","vulnerabilities":[{"cve":{"id":"CVE-2016-1547","sourceIdentifier":"cret@cert.org","published":"2017-01-06T21:59:00.320","lastModified":"2026-06-17T00:42:08.537","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled."},{"lang":"es","value":"Un atacante fuera de ruta puede provocar que una asociación de clientes preventiva sea desmovilizada en NTP 4.2.8p4 y versiones anteriores y NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 enviando un paquete NAK encriptado a un cliente víctima con una dirección fuente suplantada de un asociado existente. Esto es cierto incluso si la autenticación está habilitada."}],"affected":[{"source":"cret@cert.org","affectedData":[{"vendor":"NTP Project","product":"NTP","versions":[{"version":"4.2.8p3","status":"affected"},{"version":"4.2.8p4","status":"affected"}]},{"vendor":"NTPsec Project","product":"NTPSec","versions":[{"version":"a5fb34b9cc89b92a8fef2f459004865c93bb7f92","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p4:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"05D076CA-85DD-48B4-9A8A-F413FFBFB55F"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-1552.html","source":"cret@cert.org"},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cret@cert.org"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cret@cert.org"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/88276","source":"cret@cert.org"},{"url":"http://www.securitytracker.com/id/1035705","source":"cret@cert.org"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0081/","source":"cret@cert.org","tags":["Mitigation","Technical Description","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2016:1141","source":"cret@cert.org"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"cret@cert.org"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"cret@cert.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"cret@cert.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cret@cert.org"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cret@cert.org"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"cret@cert.org"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19","source":"cret@cert.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1552.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/88276","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1035705","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0081/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Technical Description","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2016:1141","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}