Vulnerabilities > CVE-2019-11331 - Unspecified vulnerability in NTP
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
References
- http://www.securityfocus.com/bid/108010
- http://www.securityfocus.com/bid/108010
- https://support.f5.com/csp/article/K09940637
- https://support.f5.com/csp/article/K09940637
- https://support.f5.com/csp/article/K09940637?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K09940637?utm_source=f5support&%3Butm_medium=RSS
- https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00
- https://tools.ietf.org/html/draft-gont-ntp-port-randomization-00