Vulnerability CVE-2014-5209

Vulnerability Name:

CVE-2014-5209 (CCN-95841)

Assigned:

2014-08-25

Published:

2014-08-25

Updated:

2020-01-24

Summary:

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-5209

Source: CCN
Type: NTP Web site
NTP Software Downloads

Source: CCN
Type: Rapid7 Web site
R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks

Source: MISC
Type: Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/95841

Source: XF
Type: UNKNOWN
ntp-cve20145209-info-disc(95841)

Source: MISC
Type: UNKNOWN
https://support.f5.com/csp/article/K44942017

Source: CONFIRM
Type: Third Party Advisory
https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS

Vulnerable Configuration:

Configuration 1:

cpe:/a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*

Configuration 2:

cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.6.4)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.4)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 13.0.0 and <= 13.1.1)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* (Version >= 14.0.0 and <= 14.1.0)

OR cpe:/a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:* (Version >= 11.4.0 and <= 11.4.1)

OR cpe:/a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* (Version >= 10.2.1 and <= 10.2.4)

OR cpe:/a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*

OR cpe:/a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* (Version >= 5.0.0 and <= 5.4.0)

OR cpe:/a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* (Version >= 6.0.0 and <= 6.1.0)

OR cpe:/a:f5:big-iq_cloud:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.5.0)

OR cpe:/a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:big-iq_device:*:*:*:*:*:*:*:* (Version >= 4.2.0 and <= 4.5.0)

OR cpe:/a:f5:big-iq_security:*:*:*:*:*:*:*:* (Version >= 4.0.0 and <= 4.5.0)

OR cpe:/a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:f5:iworkflow:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.3.0)

OR cpe:/a:f5:mobilesafe:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:f5:websafe:1.0.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.disco:def:201452090000000	V	CVE-2014-5209 on Ubuntu 19.04 (disco) - low.	2020-01-08
oval:com.ubuntu.bionic:def:201452090000000	V	CVE-2014-5209 on Ubuntu 18.04 LTS (bionic) - low.	2020-01-08
oval:com.ubuntu.xenial:def:201452090000000	V	CVE-2014-5209 on Ubuntu 16.04 LTS (xenial) - low.	2020-01-08

BACK