What is CVE-2015-5300?

CVE-2015-5300 is a high-severity vulnerability in Ntp, classified under CWE-361. CVSS score: 7.5/10. Published 2017-07-21.

How severe is CVE-2015-5300?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2015-5300 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ntp

CVE-2015-5300

The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the…

EPSS: 0.368 (97.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Ntp
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
Debian Debian_linux — versions 7.0, 8.0
Fedoraproject Fedora — versions 21, 22
Opensuse Leap — versions 42.1
Opensuse — versions 13.2
Redhat Enterprise_linux_desktop — versions 6.0, 7.0
Redhat Enterprise_linux_hpc_node — versions 6.0, 7.0
Redhat Enterprise_linux_hpc_node_eus — versions 7.1
Redhat Enterprise_linux_server — versions 6.0, 7.0

Weakness classification (CWE)

CWE-361

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
secalert@redhat.com (US Government Resource, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2015-5300?: CVE-2015-5300 is a high-severity vulnerability in Ntp, classified under CWE-361. CVSS score: 7.5/10. Published 2017-07-21.
How severe is CVE-2015-5300?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2015-5300 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.