Cisco CISCO-SA-20140709-CVE-2014-3309
History: Jul 09, 2014 - 2:04 p.m.

Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability

2014-07-09 14:04:56
tools.cisco.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002
Percentile: 61.9%

A vulnerability in the implementation of the ntp access-group command in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass the configured Network Time Protocol (NTP) access group and query the affected NTP-configured server for the time.

The vulnerability is due to improper implementation of the ntp access-group command in certain Cisco IOS Software and Cisco IOS XE Software versions. An attacker could exploit this vulnerability by sending NTP query packets to an affected NTP server configured to deny all requests. An exploit could allow the attacker to bypass the configured NTP access group and query the affected NTP-configured server for the time.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, the targeted NTP server must be configured to deny all requests. In addition, the attacker must send NTP query packets to the targeted system. Depending on where the targeted system is in the environment, an attacker may need access to trusted, internal networks behind a firewall to send NTP query packets to the system. This requirement may decrease the likelihood of a successful exploit.
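
The precondition described above (an NTP access group bound to a deny-all ACL on an affected release) can be checked offline against a saved configuration. The following is an added example, not code from Cisco or from this page: the ACL and ntp access-group line formats are standard IOS configuration syntax, the release string format (such as "3.7.1S") is an assumption, and the release set covers only the IOS XE versions visible in this page's list, which may be incomplete.

```python
import re

# IOS XE releases named in this page's "Affected configurations" list.
# The page's CPE table is truncated, so treat this set as possibly incomplete.
AFFECTED_XE = set(("3.7.0s 3.7.1s 3.7.2s 3.7.3s 3.7.4s 3.8.0s 3.8.1s 3.8.2s 3.9.0s "
                   "3.9.1s 3.10.0s 3.10.1s 3.10.2s 3.10.0as 3.11.1s 3.11.2s").split())

NTP_RE = re.compile(r"^ntp access-group (?:ipv4 )?(peer|serve|serve-only|query-only) (\S+)")
NUMBERED_RE = re.compile(r"^access-list (\S+) (permit|deny)\b")
NAMED_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
ENTRY_RE = re.compile(r"^\s+(?:\d+ )?(permit|deny)\b")

# Constructed sample configuration (not taken from the page or a real device).
SAMPLE = """\
ip access-list standard NTP-DENY
 remark constructed sample
 deny   any
access-list 20 permit 192.0.2.10
ntp access-group peer 20
ntp access-group serve-only NTP-DENY
"""

def parse_acls(config):
    """Map ACL name/number -> ordered list of entry actions ('permit'/'deny')."""
    acls, current = {}, None
    for line in config.splitlines():
        if m := NUMBERED_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
            current = None
        elif m := NAMED_RE.match(line):
            current = acls.setdefault(m.group(1), [])
        elif current is not None and (m := ENTRY_RE.match(line)):
            current.append(m.group(1))
        elif not line.startswith(" "):
            current = None  # left the named-ACL sub-mode
    return acls

def audit(config, xe_release):
    """Return (mode, acl) pairs that rely on a deny-all NTP access group
    on a release listed as affected, i.e. where the deny may not be enforced."""
    if xe_release.lower() not in AFFECTED_XE:
        return []
    acls, findings = parse_acls(config), []
    for line in config.splitlines():
        if m := NTP_RE.match(line):
            actions = acls.get(m.group(2))
            # Entries but no permit => everything is denied (implicit deny).
            # Undefined or empty ACLs are skipped: they do not express deny-all.
            if actions and "permit" not in actions:
                findings.append((m.group(1), m.group(2)))
    return findings
```

A non-empty result from `audit(SAMPLE, "3.7.1S")` identifies the access-group lines to re-verify after upgrading, or to back up with an infrastructure ACL in the meantime.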

Affected configurations

Vulners node (match any of):
cisco ios: any
cisco cisco_ios (xe): 3.7s, 3.8s, 3.9s, 3.10s, 3.11s, 3.7.0s, 3.7.1s, 3.7.2s, 3.7.3s, 3.7.4s, 3.8.0s, 3.8.1s, 3.8.2s, 3.9.1s, 3.9.0s, 3.10.0s, 3.10.1s, 3.10.2s, 3.10.0as, 3.11.1s, 3.11.2s

Vendor  Product    Version  CPE
cisco   ios        any      cpe:2.3:o:cisco:ios:any:*:*:*:*:*:*:*
cisco   cisco_ios  3.7s     cpe:2.3:o:cisco:cisco_ios:3.7s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.8s     cpe:2.3:o:cisco:cisco_ios:3.8s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.9s     cpe:2.3:o:cisco:cisco_ios:3.9s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.10s    cpe:2.3:o:cisco:cisco_ios:3.10s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.11s    cpe:2.3:o:cisco:cisco_ios:3.11s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.7.0s   cpe:2.3:o:cisco:cisco_ios:3.7.0s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.7.1s   cpe:2.3:o:cisco:cisco_ios:3.7.1s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.7.2s   cpe:2.3:o:cisco:cisco_ios:3.7.2s:xe:*:*:*:*:*:*
cisco   cisco_ios  3.7.3s   cpe:2.3:o:cisco:cisco_ios:3.7.3s:xe:*:*:*:*:*:*

Rows 1-10 of 221
