Strix
26.1K

CVE-2016-3988

UnknownEPSS 1.11%

Last modified

CVE-2016-3988 is a vulnerability of currently unknown severity. Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.. EPSS estimates a 1.11% chance of exploitation in the next 30 days.

Description

Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.

Metrics

EPSS Probability
1.11%

61.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
MeinbergNtp Server Firmware<= 6.0
MeinbergIms-Lantime M1000All versions
MeinbergIms-Lantime M3000All versions
MeinbergIms-Lantime M500All versions
MeinbergLantime M100All versions
MeinbergLantime M200All versions
MeinbergLantime M300All versions
MeinbergLantime M400All versions
MeinbergLantime M600All versions
MeinbergLantime M900All versions
MeinbergLcesAll versions
MeinbergSyncfire 1100All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-3988?
Multiple stack-based buffer overflows in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allow remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
How severe is CVE-2016-3988?
Severity scoring for CVE-2016-3988 is pending analysis. The EPSS model estimates a 1.11% probability of exploitation in the next 30 days.
How do I fix CVE-2016-3988?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-3988?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST