Apr 2019 – A vulnerability in NTP could allow an unthenticated, remote attack to compromise a target system completely.

Preface: Kiss O’Death Packet and Other NTP Vulnerabilities potentially turn back the Internet’s Clocks and causes unpredictable problem.

NTP vulnerability – historical record: There was a loophole in 2013,, the attack relies on the exploitation of the ‘monlist’ feature of NTP, as described in CVE-2013-5211, which is enabled by default on older NTP-capable devices. This command causes a list of the last 600 IP addresses which connected to the NTP server to be sent to the victim.

CVE-2019-11331 vulnerability details: The vulnerability is due to improper use of UDP port 123 by the affected software. Threat actor can make a malicious packet input to the targeted system. A successful exploit could allow the attacker to conduct an off-path attack.

Remedy: NTP.org had not released a security advisory. Stay tuned.