How severe is CVE-2016-1548?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2016-1548?

This is classified as CWE-19, which is a common weakness in software security.

CVE-2016-1548 - HIGH Severity | CVSS 7.2

Vulnerability Description

An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.

Related Vulnerabilities

CVE-2009-5155

HIGH

CVSS:7.5(High)

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application e...

CWE-192009

CVE-2014-0997

HIGH

CVSS:7.5(High)

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potent...

CWE-192014

CVE-2014-3223

HIGH

CVSS:7.5(High)

Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packet...

CWE-192014

CVE-2015-0224

HIGH

CVSS:7.5(High)

qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete ...

CWE-192015

CVE-2015-0689

HIGH

CVSS:7.5(High)

Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743.

CWE-192015

CVE-2015-7979

HIGH

CVSS:7.5(High)

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broa...

CWE-192015