vendor:
Network Time System Server
by:
John Page (aka hyp3rlinx)
7.5
CVSS
HIGH
Denial Of Service
Unknown
CWE
Product Name: Network Time System Server
Affected Version From: v2.3.4
Affected Version To: v2.3.4
Patch Exists: NO
Related CWE: CVE-2018-7658
CPE: Unknown
Platforms Tested:
2018
Denial of Service in Softros Network Time System Server v2.3.4
Network Time System (Server) "NTSServerSvc" service listens on Port 7001, unauthenticated remote attackers can crash the Server by sending exactly 11 bytes to the target system. Systems which may depend on critical time synchronization could then potentially be impacted.
Mitigation:
Unknown