CVE-2019-11331
First published: Thu Apr 18 2019(Updated: )
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NTP ntp |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this NTP vulnerability?
The vulnerability ID for this NTP vulnerability is CVE-2019-11331.
What is the severity rating of CVE-2019-11331?
CVE-2019-11331 has a severity rating of 8.1 out of 10, which is considered high.
How does CVE-2019-11331 affect NTP software?
CVE-2019-11331 affects NTP software that uses port 123 even for modes where a fixed port number is not required.
What are the potential risks associated with CVE-2019-11331?
CVE-2019-11331 makes it easier for remote attackers to conduct off-path attacks, posing a significant security risk.
Are there any recommended fixes for CVE-2019-11331?
Yes, it is recommended to apply the necessary security patches or updates provided by the NTP software vendor to mitigate the vulnerability.
- collector/nvd-index
- vendor/ntp
- canonical/ntp ntp