PatchSiren cyber security CVE debrief
CVE-2015-7976 Ntp CVE debrief
CVE-2015-7976 affects NTP’s ntpq saveconfig command, where special characters in a crafted filename were not properly filtered. The result is an integrity-impacting issue in affected NTP releases, with remediation guidance available from the vendor and downstream advisories. Because exploitation requires network access and low privileges, it is important to patch, but the supplied data does not indicate a high-severity confidentiality or availability impact.
- Vendor
- Ntp
- Product
- CVE-2015-7976
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-30
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-30
- Advisory updated
- 2026-05-13
Who should care
Administrators running affected NTP/ntpd versions, vendors shipping NTP in appliances or distributions, and security teams responsible for time synchronization services and remote management exposure.
Technical summary
The supplied NVD record describes an ntpq saveconfig weakness in NTP 4.1.2, 4.2.x before 4.2.8p6, and multiple 4.3 releases, where special characters in a crafted filename are not properly filtered. NVD assigns CVSS v3.0 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating a remotely reachable issue that requires low privileges and primarily affects integrity. The corpus does not provide a more specific exploit effect beyond unspecified impact.
Defensive priority
Medium. Prioritize normal patch management and exposure review for any systems exposing ntpq or otherwise relying on affected NTP packages, especially in infrastructure where time synchronization is operationally important.
Recommended defensive actions
- Upgrade to a vendor-fixed NTP release; the supplied record identifies 4.2.8p6 and later fixed branches as the remediation baseline for the affected 4.2.x line.
- Apply downstream distribution or appliance updates referenced in the supplied advisories if you do not manage NTP from source.
- Restrict access to ntpq and other NTP management interfaces to trusted administrative networks and accounts.
- Inventory hosts and images for affected NTP versions, including embedded and long-lived appliances that may not receive routine package updates.
- Validate that only approved administrative workflows can invoke saveconfig-related functionality on exposed systems.
Evidence notes
The source corpus ties the issue to ntpq saveconfig and states that special characters are not properly filtered for a crafted filename. NVD also provides the affected version scope and a CVSS v3.0 vector of AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The supplied description says the attacker can cause 'unspecified impact,' so this debrief avoids asserting a more specific outcome than the corpus supports.
Official resources
-
CVE-2015-7976 CVE record
CVE.org
-
CVE-2015-7976 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
CVE published at 2017-01-30T21:59:00.330Z and modified at 2026-05-13T00:24:29.033Z. The supplied corpus includes vendor and distribution advisories dated in 2016, which indicates remediation guidance existed before the CVE record was later