CVE-2014-5209 - Vulnerability Details

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Advanced Firewall Manager Big-ip Analytics Big-ip Application Acceleration Manager Big-ip Application Security Manager Big-ip Domain Name System Big-ip Edge Gateway Big-ip Global Traffic Manager Big-ip Link Controller Big-ip Local Traffic Manager Big-ip Policy Enforcement Manager Big-ip Protocol Security Module Big-ip Wan Optimization Manager Big-ip Webaccelerator Big-iq Adc Big-iq Centralized Management Big-iq Cloud Big-iq Cloud And Orchestration Big-iq Device Big-iq Security Enterprise Manager Iworkflow Mobilesafe Websafe
Ntp	Ntp

Configuration 1 [-]

cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_analytics:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_edge_gateway::::::::
	cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_link_controller:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager::::::::
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module::::::::
	cpe:2.3:a:f5:big-ip_protocol_security_module::::::::
	cpe:2.3:a:f5:big-ip_wan_optimization_manager::::::::
	cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:::::::*
	cpe:2.3:a:f5:big-ip_webaccelerator::::::::
	cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:::::::*
cpe:2.3:a:f5:big-iq_adc:4.5.0:::::::*
cpe:2.3:a:f5:big-iq_centralized_management::::::::
cpe:2.3:a:f5:big-iq_centralized_management::::::::
cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:::::::*
cpe:2.3:a:f5:big-iq_cloud::::::::
cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:::::::*
cpe:2.3:a:f5:big-iq_device::::::::
cpe:2.3:a:f5:big-iq_security::::::::
cpe:2.3:a:f5:enterprise_manager:3.1.1:::::::*
cpe:2.3:a:f5:iworkflow::::::::
cpe:2.3:a:f5:mobilesafe:1.0.0:::::::*
cpe:2.3:a:f5:websafe:1.0.0:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/95841
https://nvd.nist.gov/vuln/detail/CVE-2014-5209
https://support.f5.com/csp/article/K44942017
https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS
https://www.cve.org/CVERecord?id=CVE-2014-5209

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2020-01-08T00:29:42

Updated: 2024-08-06T11:41:47.478Z

Reserved: 2014-08-13T00:00:00

Link: CVE-2014-5209

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-01-08T01:15:09.547

Modified: 2024-11-21T02:11:37.840

Link: CVE-2014-5209

Redhat

Severity : Low

Publid Date: 2014-08-25T00:00:00Z

Links: CVE-2014-5209 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "NTP", "vendor": "NTP", "versions": [{"status": "affected", "version": "4.2.7p25"}]}], "datePublic": "2014-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-08T00:31:11", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K44942017"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"}, {"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K44942017"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-5209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "NTP", "version": {"version_data": [{"version_value": "4.2.7p25"}]}}]}, "vendor_name": "NTP"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K44942017", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K44942017"}, {"name": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"}, {"name": "https://support.f5.com/csp/article/K44942017", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K44942017"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:41:47.478Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K44942017"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.f5.com/csp/article/K44942017"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-5209", "datePublished": "2020-01-08T00:29:42", "dateReserved": "2014-08-13T00:00:00", "dateUpdated": "2024-08-06T11:41:47.478Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*", "matchCriteriaId": "FE315238-7191-4A2E-A3C6-2162BE589C78", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "40267CF4-9AC8-48ED-9DD4-7F947045AE9C", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "699BDE7D-B02D-41A8-BD2C-936B54107616", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "17D2F203-B830-42E5-AE54-17453F72A45D", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1331467F-B278-485E-AD91-7D0643C2F3DB", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB630A86-FB84-4199-9E4D-38EB620806CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E695F85-F170-4FD4-819E-7DAF31662BF4", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AD67D31-7FB8-4A3F-915D-385617E21428", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E866C4E5-D739-4352-9B6D-9753B4C78A24", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C7CC5A1-6E7B-48BE-9E0A-0D1E51FCEA3D", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "2620230F-1D8D-423D-953E-9EEF934C56DD", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "42D16634-442B-4674-B11E-6748D28764BD", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "867B2CA9-DAE5-4070-B8E6-F624C59F5054", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "55C26031-A354-4E19-A1C3-415336B2E7C5", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B9AF8FC-B730-428D-B317-86ABEF924299", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D91EC11-DD9A-434B-9EB4-14AA0E977D8D", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFC01B17-9BC3-425F-8187-5AE7B0AAC227", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DD8FE5B-DA42-41F3-AF57-2DB6C0C70661", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "283155E5-EEAB-4E05-A0E7-B9C5077A5029", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E697E4FD-1882-4BF8-9B9F-FB7DFD19497B", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A635FEC4-4F52-4971-A67D-47E68108E4F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90D8985-EDE3-4613-9B4A-E3929D1D3721", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "394DF290-9328-4FAD-B04E-61F62B916148", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F8F3686-2C9F-4EB1-973D-FBBC6401744F", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3136A8D1-3D0D-46B3-9A3A-737074864F1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "94BB8ADB-C47F-451D-8431-BAE51137C0D8", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1456F84-12B3-462C-A007-262680AA114B", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "84452450-77FA-4708-9C86-5464D541C8ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "68FBFE46-BCFB-4337-8990-9E92C5C0647E", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9071FCDD-36CE-49F2-9CB1-4495BF852F5B", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "72ED4B6A-EC5B-400E-88B7-6C986FC5BC4F", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "68E2840B-96F4-4437-91D1-4AFE99E54D6A", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2DD53088-3BD4-4AF9-8934-4905231A75E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC944480-C2AD-4338-871D-02DE26B3E80A", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "534529CB-53EF-4ABB-A220-6B42DB5A69DC", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A2670B3-1A96-4E72-A316-0AF826E8EC8B", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B83479FA-82FB-4F71-9B98-E683745DB49E", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F9EA336A-8055-4DA8-8F79-07C4ADE83E32", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A75EC568-E2B5-4F4E-AECC-44EA39A7EA21", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "37257612-FAA4-4004-A4D3-4624F06F0615", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F4D416-10F4-4C08-A25D-0795F7FE0FBE", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "C31E9AFD-27D1-47C4-A577-20BF6B42A1CA", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "041CE71A-50D1-44E6-B683-CD7F89C51893", "versionEndIncluding": "11.4.1", "versionStartIncluding": "11.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B84923CD-9BC8-4241-82A3-5848333FFEB7", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FBA20ED-08F5-4C35-991A-0DBC6BEAECC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A35703D-1BE0-459B-BDF0-08FB7C36A17E", "versionEndIncluding": "10.2.4", "versionStartIncluding": "10.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C9768142-C554-44DE-B8D5-45CB51E3C34C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "559900D6-7E43-4D2F-9167-BDB04DD5D0DB", "versionEndIncluding": "5.4.0", "versionStartIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "24AEF0B2-7C8C-432C-A840-C2441A70343F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C8BF865-BA45-4711-829F-EC8E5EA22D2F", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E21D6206-4716-47FE-A733-F18343656E94", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BC0EAFD-DA5E-4A1B-81CB-0D5A964F9EB6", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B3E56EB-202A-4F58-8E94-B2DDA1693498", "versionEndIncluding": "4.5.0", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FD83CC2-44E9-43F2-A9EF-E6A0C9C6E261", "versionEndIncluding": "2.3.0", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:mobilesafe:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EBA70E87-466F-4B68-BFA1-C33FCEEE9FEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:websafe:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE8D2705-DD84-4F26-94E1-4E6644556A98", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n en los mensajes privados (modo 6/7) de NTP versi\u00f3n 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podr\u00eda permitir a un usuario malicioso obtener informaci\u00f3n confidencial."}], "id": "CVE-2014-5209", "lastModified": "2024-11-21T02:11:37.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-08T01:15:09.547", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"}, {"source": "cret@cert.org", "url": "https://support.f5.com/csp/article/K44942017"}, {"source": "cret@cert.org", "url": "https://support.f5.com/csp/article/K44942017"}, {"source": "cret@cert.org", "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K44942017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K44942017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "ntp: Information Disclosure vulnerability via GET_RESTRICT control message", "id": "1805392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805392"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-200", "details": ["An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.", "A flaw was discovered where an information disclosure is present in the Network Time Protocol (NTP) through the GET_RESTRICT control message, which can be sent with the reslist command of the ntpdc tool. An attacker can use this message to obtain sensitive information such as internal IP addresses and NTP\u2019s configuration settings."], "mitigation": {"lang": "en:us", "value": "If not already present, add `noquery` option to the `restrict` access control command specified in /etc/ntp.conf. Red Hat Enterprise Linux 7 is shipped by default with the following setting:\nrestrict default nomodify notrap nopeer noquery"}, "name": "CVE-2014-5209", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "ntp", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-08-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-5209\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5209"], "statement": "This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, 7 in their default configurations. Red Hat Enterprise Linux uses the `restrict noquery` option by default, which denies ntpdc queries. No proper fix is available for this issue upstream, apart from disabling these kind of queries by default or denying them through the `restrict` access control command specified in /etc/ntp.conf. Users are adviced to use `noquery` in their configurations and allow them only from a trusted set of network addresses.", "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object