All CISA Advisories, EN

ALBEDO Telecom Net.Time – PTP/NTP Clock

2025-04-24 17:04

1. EXECUTIVE SUMMARY

CVSS v4 8.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: ALBEDO Telecom
Equipment: Net.Time – PTP/NTP clock
Vulnerability: Insufficient Session Expiration

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following version of Net.Time – PTP/NTP clock is affected:

Net.Time – PTP/NTP clock (Serial No. NBC0081P): Software release 1.4.4

3.2 VULNERABILITY OVERVIEW

3.2.1 INSUFFICIENT SESSION EXPIRATION CWE-613

The affected product is vulnerable to an insufficient session expiration vulnerability, which could permit an attacker to transmit passwords over unencrypted connections, resulting in the product becoming vulnerable to interception.

CVE-2025-2185 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.0 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

A CVSS v4 score has also been calculated for CVE-2025-2185. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Communications, Financial Services, Information Technology
COUNTRIES/AREAS DEPLOYED:[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

ALBEDO Telecom Net.Time – PTP/NTP Clock

Tags: All CISA Advisories EN

Post navigation

← Schneider Electric Modicon Controllers

Assassin’s Creed maker faces GDPR complaint for forcing single-player gamers online →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Open-source password recovery utility Hashcat 7.0.0 released August 4, 2025

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts August 4, 2025

The surprising truth about identity security confidence August 4, 2025

IT Security News Hourly Summary 2025-08-04 03h : 1 posts August 4, 2025

ISC Stormcast For Monday, August 4th, 2025 https://isc.sans.edu/podcastdetail/9554, (Mon, Aug 4th) August 4, 2025

Lazarus Group rises again, this time with malware-laden fake FOSS August 4, 2025

IT Security News Hourly Summary 2025-08-04 00h : 6 posts August 4, 2025

IT Security News Weekly Summary 31 August 4, 2025

IT Security News Daily Summary 2025-08-03 August 4, 2025

BSidesSF 2025: Service Mesh Security: Shifting Focus To The Application Layer August 4, 2025

Stay Proactive: Secure Your Cloud Identities August 4, 2025

Controlling NHIs: Strategy for Modern Security August 4, 2025

Are Your Security Measures Capable Enough? August 4, 2025

Legacy May Kill, (Sun, Aug 3rd) August 3, 2025

IT Security News Hourly Summary 2025-08-03 21h : 1 posts August 3, 2025

A Massive 800% Rise in Data Breach Incidents in First Half of 2025 August 3, 2025

IT Security News Hourly Summary 2025-08-03 18h : 4 posts August 3, 2025

Cybersecurity News Recap – Chrome, Gemini Vulnerabilities, Linux Malware, and Man-in-the-Prompt Attack August 3, 2025

Pi-hole Plugin Flaw Exposes Donor Names and Email Addresses in Data Breach August 3, 2025

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts August 3, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}