CVE-2014-5209

Current Description

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.

Basic Data

PublishedJanuary 08, 2020
Last ModifiedJanuary 24, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-200
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationNtpNtp4.2.7p25******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationF5Big-ip Access Policy Manager********10.2.110.2.4
    2.3ApplicationF5Big-ip Access Policy Manager11.2.1*******
    2.3ApplicationF5Big-ip Access Policy Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Access Policy Manager********12.0.012.1.4
    2.3ApplicationF5Big-ip Access Policy Manager********13.0.013.1.1
    2.3ApplicationF5Big-ip Access Policy Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Access Policy Manager15.0.0*******
    2.3ApplicationF5Big-ip Advanced Firewall Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Advanced Firewall Manager********12.0.012.1.4
    2.3ApplicationF5Big-ip Advanced Firewall Manager********13.0.013.1.1
    2.3ApplicationF5Big-ip Advanced Firewall Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Advanced Firewall Manager15.0.0*******
    2.3ApplicationF5Big-ip Analytics11.2.1*******
    2.3ApplicationF5Big-ip Analytics********11.4.011.6.4
    2.3ApplicationF5Big-ip Analytics********12.0.012.1.4
    2.3ApplicationF5Big-ip Analytics********13.0.013.1.1
    2.3ApplicationF5Big-ip Analytics********14.0.014.1.0
    2.3ApplicationF5Big-ip Analytics15.0.0*******
    2.3ApplicationF5Big-ip Application Acceleration Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Application Acceleration Manager********12.0.012.1.4
    2.3ApplicationF5Big-ip Application Acceleration Manager********13.0.013.1.1
    2.3ApplicationF5Big-ip Application Acceleration Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Application Acceleration Manager15.0.0*******
    2.3ApplicationF5Big-ip Application Security Manager********10.2.110.2.4
    2.3ApplicationF5Big-ip Application Security Manager11.2.1*******
    2.3ApplicationF5Big-ip Application Security Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Application Security Manager********12.0.012.1.4
    2.3ApplicationF5Big-ip Application Security Manager********13.0.013.1.1
    2.3ApplicationF5Big-ip Application Security Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Application Security Manager15.0.0*******
    2.3ApplicationF5Big-ip Domain Name System********12.0.012.1.4
    2.3ApplicationF5Big-ip Domain Name System********13.0.013.1.1
    2.3ApplicationF5Big-ip Domain Name System********14.0.014.1.0
    2.3ApplicationF5Big-ip Domain Name System15.0.0*******
    2.3ApplicationF5Big-ip Edge Gateway********10.2.110.2.4
    2.3ApplicationF5Big-ip Edge Gateway11.2.1*******
    2.3ApplicationF5Big-ip Global Traffic Manager********10.2.110.2.4
    2.3ApplicationF5Big-ip Global Traffic Manager11.2.1*******
    2.3ApplicationF5Big-ip Global Traffic Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Link Controller********10.2.110.2.4
    2.3ApplicationF5Big-ip Link Controller11.2.1*******
    2.3ApplicationF5Big-ip Link Controller********11.4.011.6.4
    2.3ApplicationF5Big-ip Link Controller********12.0.012.1.4
    2.3ApplicationF5Big-ip Link Controller********13.0.013.1.1
    2.3ApplicationF5Big-ip Link Controller********14.0.014.1.0
    2.3ApplicationF5Big-ip Link Controller15.0.0*******
    2.3ApplicationF5Big-ip Local Traffic Manager********10.2.110.2.4
    2.3ApplicationF5Big-ip Local Traffic Manager11.2.1*******
    2.3ApplicationF5Big-ip Local Traffic Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Local Traffic Manager********12.0.012.1.4
    2.3ApplicationF5Big-ip Local Traffic Manager********13.0.013.1.1
    2.3ApplicationF5Big-ip Local Traffic Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Local Traffic Manager15.0.0*******
    2.3ApplicationF5Big-ip Policy Enforcement Manager********11.4.011.6.4
    2.3ApplicationF5Big-ip Policy Enforcement Manager********12.0.012.1.4
    2.3ApplicationF5Big-ip Policy Enforcement Manager********13.0.013.1.1
    2.3ApplicationF5Big-ip Policy Enforcement Manager********14.0.014.1.0
    2.3ApplicationF5Big-ip Policy Enforcement Manager15.0.0*******
    2.3ApplicationF5Big-ip Protocol Security Module********10.2.110.2.4
    2.3ApplicationF5Big-ip Protocol Security Module********11.4.011.4.1
    2.3ApplicationF5Big-ip Wan Optimization Manager********10.2.110.2.4
    2.3ApplicationF5Big-ip Wan Optimization Manager11.2.1*******
    2.3ApplicationF5Big-ip Webaccelerator********10.2.110.2.4
    2.3ApplicationF5Big-ip Webaccelerator11.2.1*******
    2.3ApplicationF5Big-iq Adc4.5.0*******
    2.3ApplicationF5Big-iq Centralized Management4.6.0*******
    2.3ApplicationF5Big-iq Centralized Management********5.0.05.4.0
    2.3ApplicationF5Big-iq Centralized Management********6.0.06.1.0
    2.3ApplicationF5Big-iq Cloud********4.0.04.5.0
    2.3ApplicationF5Big-iq Cloud And Orchestration1.0.0*******
    2.3ApplicationF5Big-iq Device********4.2.04.5.0
    2.3ApplicationF5Big-iq Security********4.0.04.5.0
    2.3ApplicationF5Enterprise Manager3.1.1*******
    2.3ApplicationF5Iworkflow********2.0.02.3.0
    2.3ApplicationF5Mobilesafe1.0.0*******
    2.3ApplicationF5Websafe1.0.0*******

Vulnerable Software List

VendorProductVersions
Ntp Ntp 4.2.7
F5 Mobilesafe 1.0.0
F5 Big-ip Webaccelerator *, 11.2.1
F5 Big-ip Wan Optimization Manager *, 11.2.1
F5 Big-ip Link Controller *, 11.2.1, 15.0.0
F5 Big-ip Analytics *, 11.2.1, 15.0.0
F5 Big-ip Access Policy Manager *, 11.2.1, 15.0.0
F5 Big-ip Advanced Firewall Manager *, 15.0.0
F5 Big-ip Application Acceleration Manager *, 15.0.0
F5 Big-ip Edge Gateway *, 11.2.1
F5 Big-ip Policy Enforcement Manager *, 15.0.0
F5 Big-iq Cloud *
F5 Big-ip Domain Name System *, 15.0.0
F5 Big-iq Device *
F5 Big-iq Centralized Management *, 4.6.0
F5 Big-iq Security *
F5 Big-ip Global Traffic Manager *, 11.2.1
F5 Big-iq Cloud And Orchestration 1.0.0
F5 Big-ip Local Traffic Manager *, 11.2.1, 15.0.0
F5 Enterprise Manager 3.1.1
F5 Iworkflow *
F5 Websafe 1.0.0
F5 Big-ip Protocol Security Module *
F5 Big-ip Application Security Manager *, 11.2.1, 15.0.0
F5 Big-iq Adc 4.5.0

References

NameSourceURLTags
https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSSCONFIRMhttps://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSSThird Party Advisory Third Party Advisory Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/95841MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/95841VDB Entry
https://support.f5.com/csp/article/K44942017CONFIRMhttps://support.f5.com/csp/article/K44942017