Improper input validation in Netapp Clustered_data_ontap
CVE-2015-7703
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requ…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.092 (92.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Netapp Clustered_data_ontap
- Netapp Data_ontap
- Netapp Oncommand_performance_manager
- Netapp Oncommand_unified_manager
- Ntp — versions 4.2.8
- Oracle Linux — versions 6
- Debian Debian_linux — versions 7.0, 8.0, 9.0
- Redhat Enterprise_linux_desktop — versions 6.0, 7.0
- Redhat Enterprise_linux_server — versions 6.0, 7.0
- Redhat Enterprise_linux_server_aus — versions 7.3, 7.4, 7.6
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM, VDB Entry, Third Party Advisory, Issue Tracking)
- cve@mitre.org (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
Frequently asked questions
- What is CVE-2015-7703?
- CVE-2015-7703 is a high-severity vulnerability in Netapp Clustered_data_ontap, classified under Improper Input Validation. CVSS score: 7.5/10. Published 2017-07-24.
- How severe is CVE-2015-7703?
- High severity. CVSS v3 base score is 7.5 out of 10.