PatchSiren cyber security CVE debrief

CVE-2016-2517 Ntp CVE debrief

CVE-2016-2517 is a denial-of-service vulnerability in NTP daemon configurations affected by the regression noted in the advisory trail. A remote attacker who already knows the controlkey or requestkey can send a crafted packet to ntpd and alter trustedkey, controlkey, or requestkey values, which can block subsequent authentication. The issue was published on 2017-01-30 and is described as a regression related to CVE-2016-2516. The exposure is most relevant where ntpd accepts remote control functionality and key-based authentication is in use. NVD records the impacted range as NTP before 4.2.8p7 and 4.3.x before 4.3.92, with the CVSS v3 vector emphasizing network reachability, low privileges, and high availability impact.

Vendor: Ntp
Product: CVE-2016-2517
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-01-30
Original CVE updated: 2026-05-13
Advisory published: 2017-01-30
Advisory updated: 2026-05-13

Who should care

NTP administrators and operators running ntpd with control/request key-based authentication, especially on systems still within the affected version ranges or where remote management access is enabled.

Technical summary

The vulnerability allows a remote actor with knowledge of the controlkey or requestkey to submit a crafted ntpd packet that changes trustedkey, controlkey, or requestkey state. The practical outcome is a loss of authentication continuity rather than data theft or integrity compromise. NVD rates the issue as CVSS 3.0 AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, and classifies the weakness as CWE-20 (improper input validation). The vendor and related advisories identify the problem as a regression tied to CVE-2016-2516.

Defensive priority

Medium. The impact is limited to availability and authentication continuity, but affected ntpd deployments can lose key-based control until corrected. Prioritize if NTP remote control features are used or if ntpd is reachable from untrusted networks.

Recommended defensive actions

Confirm whether any deployed NTP packages fall within the affected ranges noted by NVD: before 4.2.8p7 and 4.3.x before 4.3.92.
Upgrade ntpd to a fixed release and verify the vendor’s guidance in the NTP Bug 3010 advisory.
Restrict access to ntpd control interfaces and limit exposure of NTP management traffic to trusted hosts.
Review configurations that rely on controlkey, requestkey, or trustedkey for remote authentication and validate that those keys are protected.
Monitor for unexpected authentication failures or key-state changes on systems running ntpd.
Use the NVD and vendor advisories to confirm package-specific remediation guidance for your platform.

Evidence notes

This debrief is based on the CVE description, NVD metadata, and referenced vendor/advisory links supplied in the corpus. The CVE description explicitly states the issue affects NTP before 4.2.8p7 and 4.3.x before 4.3.92, can prevent subsequent authentication, and exists because of a CVE-2016-2516 regression. The NVD record provides the CVSS vector, CWE-20 classification, and version criteria. No KEV record is present in the supplied enrichment.

Official resources

CVE-2016-2517 CVE record
CVE.org
CVE-2016-2517 NVD detail
NVD
Source item URL
nvd_modified
Mitigation or vendor reference
[email protected] - Vendor Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
Source reference
[email protected]
Source reference
[email protected]
Source reference
[email protected]
Source reference
[email protected]

Publicly disclosed and assigned on 2017-01-30. The supplied description notes the flaw is a regression related to CVE-2016-2516, and later NVD modification metadata was updated on 2026-05-13.