F5 Networks BIG-IP : NTP vulnerabilities (K00329831)
Medium Nessus Plugin ID 97499
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
CVE-2015-8139 ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVE-2015-8140 The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K00329831.