CVE-2016-1549

Name: CVE-2016-1549
Creator: NVD / NIST
Published: 2017-01-06T21:59:00.383+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.12%

Last modified Jun 17, 2026

CVE-2016-1549 is a vulnerability of currently unknown severity. A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.. EPSS estimates a 3.12% chance of exploitation in the next 30 days.

Description

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.

Metrics

EPSS Probability

3.12%

86.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-19

Affected Software

Vendor	Product	Versions	Update
Ntp	Ntp	4.2.8	P4

References

Timeline

Published: Jan 6, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-1549?

How severe is CVE-2016-1549?

Severity scoring for CVE-2016-1549 is pending analysis. The EPSS model estimates a 3.12% probability of exploitation in the next 30 days.

How do I fix CVE-2016-1549?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-1549?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST