CVE-2014-5209

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
ntpntp
4.2.7:p25
f5big-ip_access_policy_manager
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_access_policy_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_access_policy_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_access_policy_manager
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_access_policy_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_access_policy_manager
11.2.1
f5big-ip_access_policy_manager
15.0.0
f5big-ip_advanced_firewall_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_advanced_firewall_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_advanced_firewall_manager
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_advanced_firewall_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_advanced_firewall_manager
15.0.0
f5big-ip_analytics
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_analytics
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_analytics
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_analytics
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_analytics
11.2.1
f5big-ip_analytics
15.0.0
f5big-ip_application_acceleration_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_application_acceleration_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_application_acceleration_manager
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_application_acceleration_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_application_acceleration_manager
15.0.0
f5big-ip_application_security_manager
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_application_security_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_application_security_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_application_security_manager
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_application_security_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_application_security_manager
11.2.1
f5big-ip_application_security_manager
15.0.0
f5big-ip_domain_name_system
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_domain_name_system
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_domain_name_system
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_domain_name_system
15.0.0
f5big-ip_edge_gateway
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_edge_gateway
11.2.1
f5big-ip_global_traffic_manager
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_global_traffic_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_global_traffic_manager
11.2.1
f5big-ip_link_controller
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_link_controller
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_link_controller
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_link_controller
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_link_controller
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_link_controller
11.2.1
f5big-ip_link_controller
15.0.0
f5big-ip_local_traffic_manager
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_local_traffic_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_local_traffic_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_local_traffic_manager
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_local_traffic_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_local_traffic_manager
11.2.1
f5big-ip_local_traffic_manager
15.0.0
f5big-ip_policy_enforcement_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_policy_enforcement_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_policy_enforcement_manager
13.0.0 ≤
𝑥
≤ 13.1.1
f5big-ip_policy_enforcement_manager
14.0.0 ≤
𝑥
≤ 14.1.0
f5big-ip_policy_enforcement_manager
15.0.0
f5big-ip_protocol_security_module
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_protocol_security_module
11.4.0 ≤
𝑥
≤ 11.4.1
f5big-ip_wan_optimization_manager
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_wan_optimization_manager
11.2.1
f5big-ip_webaccelerator
10.2.1 ≤
𝑥
≤ 10.2.4
f5big-ip_webaccelerator
11.2.1
f5big-iq_adc
4.5.0
f5big-iq_centralized_management
5.0.0 ≤
𝑥
≤ 5.4.0
f5big-iq_centralized_management
6.0.0 ≤
𝑥
≤ 6.1.0
f5big-iq_centralized_management
4.6.0
f5big-iq_cloud
4.0.0 ≤
𝑥
≤ 4.5.0
f5big-iq_cloud_and_orchestration
1.0.0
f5big-iq_device
4.2.0 ≤
𝑥
≤ 4.5.0
f5big-iq_security
4.0.0 ≤
𝑥
≤ 4.5.0
f5enterprise_manager
3.1.1
f5iworkflow
2.0.0 ≤
𝑥
≤ 2.3.0
f5mobilesafe
1.0.0
f5websafe
1.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ntp
bullseye
1:4.2.8p15+dfsg-1
fixed
jessie
ignored
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ntp
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
ignored
bionic
not-affected
xenial
not-affected
trusty
needed
Common Weakness Enumeration
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/95841
https://support.f5.com/csp/article/K44942017
https://support.f5.com/csp/article/K44942017
https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS
https://exchange.xforce.ibmcloud.com/vulnerabilities/95841
https://support.f5.com/csp/article/K44942017
https://support.f5.com/csp/article/K44942017
https://support.f5.com/csp/article/K44942017?utm_source=f5support&amp%3Butm_medium=RSS