Lucene search

CiscoCISCO-SA-20141222-NTPD

HistoryDec 22, 2014 - 4:00 p.m.

Multiple Vulnerabilities in ntpd Affecting Cisco Products

2014-12-2216:00:00

tools.cisco.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.966 High

EPSS

Percentile

99.6%

JSON

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or create a denial of service (DoS) condition.

On December 19, 2014, NTP.org and US-CERT released security advisories detailing two issues regarding weak cryptographic pseudorandom number generation (PRNG), three buffer overflow vulnerabilities, and an unhandled error condition with an unknown impact. These vulnerabilities are referenced in this document as follows:

CVE-2014-9293: Weak Default Key in config_auth()
CVE-2014-9294: Noncryptographic Random Number Generator with Weak Seed Used by ntp-keygen to Generate Symmetric Keys
CVE-2014-9295: Multiple Buffer Overflow Vulnerabilities in ntpd
CVE-2014-9296: ntpd receive(): Missing Return on Error
On February 4, 2015, NTP.org and US-CERT released two additional vulnerabilities regarding improper validation of vallen in ntp_crypto.c and an IPv6 ::1 ACL bypass vulnerability. These vulnerabilities were added to their original advisory. For completeness, these vulnerabilities are referenced in this document as follows:

CVE-2014-9297: NTP ntp_crypto.c Improper Validation Vulnerability
CVE-2014-9298: NTP IPv6 ACL Bypass Vulnerability
This advisory will be updated as additional information becomes available.

Cisco will release software updates that address these vulnerabilities.

Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd”]

Affected configurations

Vulners

Node

ciscoapplication_and_content_networking_system_softwareMatchany

ciscoemergency_responderMatchany

ciscoios_xr_softwareMatchany

cisconac_applianceMatchany

ciscounified_presence_serverMatchany

ciscowide_area_application_servicesMatchany

ciscounified_contact_center_enterpriseMatchany

ciscoip_interoperability_and_collaboration_systemMatchany

ciscoservice_control_engineMatchany

cisconx_osMatch4.1

cisconx_osMatch5.0

cisconx_osMatch4.2

cisconx_osMatch5.1

cisconx_osMatch5.2

cisconx_osMatch6.1

cisconx_osMatch4.0\(0\)n1

cisconx_osMatch4.0\(1a\)n1

cisconx_osMatch4.0\(1a\)n2

cisconx_osMatch4.1\(2\)e1

cisconx_osMatch4.1\(3\)n1

cisconx_osMatch4.1\(3\)n2

cisconx_osMatch4.2\(1\)n1

cisconx_osMatch4.2\(1\)n2

cisconx_osMatch4.2\(1\)sv1

cisconx_osMatch4.2\(1\)sv2

cisconx_osMatch5.0\(2\)n1

cisconx_osMatch5.0\(2\)n2

cisconx_osMatch5.0\(3\)n1

cisconx_osMatch5.0\(3\)n2

cisconx_osMatch5.0\(3\)u1

cisconx_osMatch5.0\(3\)u2

cisconx_osMatch5.0\(3\)u3

cisconx_osMatch5.0\(3\)u4

cisconx_osMatch5.0\(3\)u5

cisconx_osMatch5.1\(3\)n1

cisconx_osMatch5.1\(3\)n2

cisconx_osMatch5.2\(1\)n1

cisconx_osMatch5.2\(1\)sm1

cisconx_osMatch6.0

cisconx_osMatch6.0\(2\)n1

cisconx_osMatch6.0\(2\)n2

cisconx_osMatch6.0\(2\)u1

cisconx_osMatch6.0\(2\)u2

cisconx_osMatch6.0\(2\)u3

cisconx_osMatch6.0\(2\)u4

cisconx_osMatch6.0\(2\)u5

cisconx_osMatch6.1\(2\)i2

cisconx_osMatch6.1\(2\)i3

cisconx_osMatch6.2

cisconx_osMatch7.0\(0\)n1

cisconx_osMatch7.0\(1\)n1

cisconx_osMatch7.0\(2\)n1

cisconx_osMatch7.0\(3\)n1

ciscounified_communications_managerMatchany

ciscoapplication_networking_managerMatchany

ciscounified_provisioning_managerMatchany

ciscophysical_access_gatewayMatchany

ciscovideo_surveillance_media_serverMatchany

ciscodigital_media_managerMatchany

ciscoip_interoperability_and_collaboration_systemMatchany

ciscoironport_encryption_applianceMatchany

cisconetwork_admission_controlMatchany

ciscotelepresence_mxp_softwareMatchany

ciscoshow_and_shareMatchany

cisconexus_1000vMatchanynexus_1000v

ciscotelepresence_managerMatchany

ciscoasa_cx_context-aware_security_softwareMatchany

ciscoprime_security_managerMatchany

ciscoprime_data_center_network_managerMatchany

ciscoprime_infrastructureMatchany

ciscowebex_meetings_serverMatchany

ciscotelepresence_system_softwareMatchany

ciscoenterprise_content_delivery_systemMatchany

ciscotelepresence_tc_softwareMatchany

ciscotelepresence_te_softwareMatchany

ciscovirtualization_experience_client_6000_series_firmwareMatchany

ciscofinesseMatchany

ciscosocialminerMatchany

ciscomediasenseMatchany

ciscomedia_experience_engine_5600Matchany

ciscoucs_directorMatchany

ciscodigital_content_managerMatchany

ciscounified_intelligence_centerMatchany

ciscoprime_service_catalogMatchany

ciscoapplication_policy_infrastructure_controller_\(apic\)Matchany

cisco300_series_managed_switchesMatchany

ciscojabber_guestMatchany

ciscounified_computing_system_softwareMatchany

ciscoprime_license_managerMatchany

ciscointersight_virtual_applianceMatchany

ciscotelepresence_isdn_gw_3241Matchany

ciscomodular_encoding_platform_d9036_softwareMatchany

ciscofirepower_system_softwareMatchany

ciscoapplication_and_content_networking_system_softwareMatchany

ciscoemergency_responderMatchany

ciscoios_xr_softwareMatchany

cisconac_applianceMatchany

ciscounified_presence_serverMatchany

ciscowide_area_application_servicesMatchany

ciscounified_contact_center_enterpriseMatchany

ciscoip_interoperability_and_collaboration_systemMatchany

ciscoservice_control_engineMatchany

cisconx_osMatch4.1\(2\)

cisconx_osMatch4.1\(3\)

cisconx_osMatch4.1\(4\)

cisconx_osMatch4.1\(5\)

cisconx_osMatch5.0\(2a\)

cisconx_osMatch5.0\(3\)

cisconx_osMatch5.0\(5\)

cisconx_osMatch4.2\(2a\)

cisconx_osMatch4.2\(3\)

cisconx_osMatch4.2\(4\)

cisconx_osMatch4.2\(6\)

cisconx_osMatch4.2\(8\)

cisconx_osMatch5.1\(1\)

cisconx_osMatch5.1\(1a\)

cisconx_osMatch5.1\(3\)

cisconx_osMatch5.1\(4\)

cisconx_osMatch5.1\(5\)

cisconx_osMatch5.1\(6\)

cisconx_osMatch5.2\(1\)

cisconx_osMatch5.2\(3a\)

cisconx_osMatch5.2\(4\)

cisconx_osMatch5.2\(5\)

cisconx_osMatch5.2\(7\)

cisconx_osMatch5.2\(9\)

cisconx_osMatch6.1\(1\)

cisconx_osMatch6.1\(2\)

cisconx_osMatch6.1\(3\)

cisconx_osMatch6.1\(4\)

cisconx_osMatch6.1\(4a\)

cisconx_osMatch4.0\(0\)n1\(1a\)

cisconx_osMatch4.0\(0\)n1\(2\)

cisconx_osMatch4.0\(0\)n1\(2a\)

cisconx_osMatch4.0\(1a\)n1\(1\)

cisconx_osMatch4.0\(1a\)n1\(1a\)

cisconx_osMatch4.0\(1a\)n2\(1\)

cisconx_osMatch4.0\(1a\)n2\(1a\)

cisconx_osMatch4.1\(2\)e1\(1\)

cisconx_osMatch4.1\(2\)e1\(1b\)

cisconx_osMatch4.1\(2\)e1\(1d\)

cisconx_osMatch4.1\(2\)e1\(1e\)

cisconx_osMatch4.1\(2\)e1\(1f\)

cisconx_osMatch4.1\(2\)e1\(1g\)

cisconx_osMatch4.1\(2\)e1\(1h\)

cisconx_osMatch4.1\(2\)e1\(1i\)

cisconx_osMatch4.1\(2\)e1\(1j\)

cisconx_osMatch4.1\(3\)n1\(1\)

cisconx_osMatch4.1\(3\)n1\(1a\)

cisconx_osMatch4.1\(3\)n2\(1\)

cisconx_osMatch4.1\(3\)n2\(1a\)

cisconx_osMatch4.2\(1\)n1\(1\)

cisconx_osMatch4.2\(1\)n2\(1\)

cisconx_osMatch4.2\(1\)n2\(1a\)

cisconx_osMatch4.2\(1\)sv1\(4\)

cisconx_osMatch4.2\(1\)sv1\(4a\)

cisconx_osMatch4.2\(1\)sv1\(4b\)

cisconx_osMatch4.2\(1\)sv1\(5.1\)

cisconx_osMatch4.2\(1\)sv1\(5.1a\)

cisconx_osMatch4.2\(1\)sv1\(5.2\)

cisconx_osMatch4.2\(1\)sv1\(5.2b\)

cisconx_osMatch4.2\(1\)sv2\(1.1\)

cisconx_osMatch4.2\(1\)sv2\(1.1a\)

cisconx_osMatch4.2\(1\)sv2\(2.1\)

cisconx_osMatch4.2\(1\)sv2\(2.1a\)

cisconx_osMatch5.0\(2\)n1\(1\)

cisconx_osMatch5.0\(2\)n2\(1\)

cisconx_osMatch5.0\(2\)n2\(1a\)

cisconx_osMatch5.0\(3\)n1\(1c\)

cisconx_osMatch5.0\(3\)n2\(1\)

cisconx_osMatch5.0\(3\)n2\(2\)

cisconx_osMatch5.0\(3\)n2\(2a\)

cisconx_osMatch5.0\(3\)n2\(2b\)

cisconx_osMatch5.0\(3\)u1\(1\)

cisconx_osMatch5.0\(3\)u1\(1a\)

cisconx_osMatch5.0\(3\)u1\(1b\)

cisconx_osMatch5.0\(3\)u1\(1d\)

cisconx_osMatch5.0\(3\)u1\(2\)

cisconx_osMatch5.0\(3\)u1\(2a\)

cisconx_osMatch5.0\(3\)u2\(1\)

cisconx_osMatch5.0\(3\)u2\(2\)

cisconx_osMatch5.0\(3\)u2\(2a\)

cisconx_osMatch5.0\(3\)u2\(2b\)

cisconx_osMatch5.0\(3\)u2\(2c\)

cisconx_osMatch5.0\(3\)u2\(2d\)

cisconx_osMatch5.0\(3\)u3\(1\)

cisconx_osMatch5.0\(3\)u3\(2\)

cisconx_osMatch5.0\(3\)u3\(2a\)

cisconx_osMatch5.0\(3\)u3\(2b\)

cisconx_osMatch5.0\(3\)u4\(1\)

cisconx_osMatch5.0\(3\)u5\(1\)

cisconx_osMatch5.0\(3\)u5\(1a\)

cisconx_osMatch5.0\(3\)u5\(1b\)

cisconx_osMatch5.0\(3\)u5\(1c\)

cisconx_osMatch5.0\(3\)u5\(1d\)

cisconx_osMatch5.0\(3\)u5\(1e\)

cisconx_osMatch5.0\(3\)u5\(1f\)

cisconx_osMatch5.0\(3\)u5\(1g\)

cisconx_osMatch5.0\(3\)u5\(1h\)

cisconx_osMatch5.1\(3\)n1\(1\)

cisconx_osMatch5.1\(3\)n1\(1a\)

cisconx_osMatch5.1\(3\)n2\(1\)

cisconx_osMatch5.1\(3\)n2\(1a\)

cisconx_osMatch5.1\(3\)n2\(1b\)

cisconx_osMatch5.1\(3\)n2\(1c\)

cisconx_osMatch5.2\(1\)n1\(1\)

cisconx_osMatch5.2\(1\)n1\(1a\)

cisconx_osMatch5.2\(1\)n1\(1b\)

cisconx_osMatch5.2\(1\)n1\(2\)

cisconx_osMatch5.2\(1\)n1\(2a\)

cisconx_osMatch5.2\(1\)n1\(3\)

cisconx_osMatch5.2\(1\)n1\(4\)

cisconx_osMatch5.2\(1\)n1\(5\)

cisconx_osMatch5.2\(1\)n1\(6\)

cisconx_osMatch5.2\(1\)n1\(7\)

cisconx_osMatch5.2\(1\)n1\(8a\)

cisconx_osMatch5.2\(1\)n1\(8\)

cisconx_osMatch5.2\(1\)sm1\(5.1\)

cisconx_osMatch6.0\(1\)

cisconx_osMatch6.0\(2\)

cisconx_osMatch6.0\(3\)

cisconx_osMatch6.0\(4\)

cisconx_osMatch6.0\(2\)n1\(1\)

cisconx_osMatch6.0\(2\)n1\(2\)

cisconx_osMatch6.0\(2\)n1\(2a\)

cisconx_osMatch6.0\(2\)n2\(1\)

cisconx_osMatch6.0\(2\)n2\(1b\)

cisconx_osMatch6.0\(2\)n2\(2\)

cisconx_osMatch6.0\(2\)n2\(3\)

cisconx_osMatch6.0\(2\)n2\(4\)

cisconx_osMatch6.0\(2\)n2\(5\)

cisconx_osMatch6.0\(2\)u1\(1\)

cisconx_osMatch6.0\(2\)u1\(2\)

cisconx_osMatch6.0\(2\)u1\(1a\)

cisconx_osMatch6.0\(2\)u1\(3\)

cisconx_osMatch6.0\(2\)u1\(4\)

cisconx_osMatch6.0\(2\)u2\(1\)

cisconx_osMatch6.0\(2\)u2\(2\)

cisconx_osMatch6.0\(2\)u2\(3\)

cisconx_osMatch6.0\(2\)u2\(4\)

cisconx_osMatch6.0\(2\)u2\(5\)

cisconx_osMatch6.0\(2\)u2\(6\)

cisconx_osMatch6.0\(2\)u3\(1\)

cisconx_osMatch6.0\(2\)u3\(2\)

cisconx_osMatch6.0\(2\)u3\(3\)

cisconx_osMatch6.0\(2\)u3\(4\)

cisconx_osMatch6.0\(2\)u3\(5\)

cisconx_osMatch6.0\(2\)u4\(1\)

cisconx_osMatch6.0\(2\)u4\(2\)

cisconx_osMatch6.0\(2\)u4\(3\)

cisconx_osMatch6.0\(2\)u5\(1\)

cisconx_osMatch6.1\(2\)i2\(1\)

cisconx_osMatch6.1\(2\)i2\(2\)

cisconx_osMatch6.1\(2\)i2\(2a\)

cisconx_osMatch6.1\(2\)i2\(3\)

cisconx_osMatch6.1\(2\)i2\(2b\)

cisconx_osMatch6.1\(2\)i3\(3\)

cisconx_osMatch6.2\(2\)

cisconx_osMatch6.2\(2a\)

cisconx_osMatch6.2\(6\)

cisconx_osMatch7.0\(0\)n1\(1\)

cisconx_osMatch7.0\(1\)n1\(1\)

cisconx_osMatch7.0\(2\)n1\(1\)

cisconx_osMatch7.0\(3\)n1\(1\)

ciscounified_communications_managerMatchany

ciscoapplication_networking_managerMatchany

ciscounified_provisioning_managerMatchany

ciscophysical_access_gatewayMatchany

ciscovideo_surveillance_media_serverMatchany

ciscodigital_media_managerMatchany

ciscoip_interoperability_and_collaboration_systemMatchany

ciscoironport_encryption_applianceMatchany

cisconetwork_admission_controlMatchany

ciscotelepresence_mxp_softwareMatchany

ciscoshow_and_shareMatchany

ciscoweb_security_virtual_applianceMatch1000v_series_switches

ciscotelepresence_managerMatchany

ciscoasa_cx_context-aware_security_softwareMatchany

ciscoprime_security_managerMatchany

ciscoprime_data_center_network_managerMatchany

ciscoprime_infrastructureMatchany

ciscowebex_meetings_serverMatchany

ciscotelepresence_system_softwareMatchany

ciscoenterprise_content_delivery_systemMatchany

ciscotelepresence_tc_softwareMatchany

ciscotelepresence_te_softwareMatchany

ciscovirtualization_experience_client_6000Match6000_series_firmware

ciscofinesseMatchany

ciscosocialminerMatchany

ciscomediasenseMatchany

ciscocisco_mxeMatch3500_\(media_experience_engine\)

ciscoucs_directorMatchany

ciscodigital_content_managerMatchany

ciscounified_intelligence_centerMatchany

ciscoprime_service_catalogMatchany

ciscoapplication_policy_infrastructure_controller_\(apic\)Matchany

ciscoedge_340_firmwareMatch300_series

ciscojabber_guestMatchany

ciscounified_computing_system_softwareMatchany

ciscoprime_license_managerMatchany

ciscointersight_virtual_applianceMatchany

ciscotelepresence_isdn_gw_3241Matchany

ciscomodular_encoding_platform_d9036_softwareMatchany

ciscofirepower_system_softwareMatchany

CPENameOperatorVersion
cisco application and content networking system (acns) softwareeqany
cisco emergency respondereqany
cisco ios xr softwareeqany
cisco nac appliance softwareeqany
cisco unified presence servereqany
cisco wide area application services (waas)eqany
cisco unified contact center enterpriseeqany
cisco ip interoperability and collaboration system (ipics)eqany
cisco service control engine (sce)eqany
cisco nx-os softwareeq4.1

Name	Operator	Version
cisco application and content networking system (acns) software	eq	any
cisco emergency responder	eq	any
cisco ios xr software	eq	any
cisco nac appliance software	eq	any
cisco unified presence server	eq	any
cisco wide area application services (waas)	eq	any
cisco unified contact center enterprise	eq	any
cisco ip interoperability and collaboration system (ipics)	eq	any
cisco service control engine (sce)	eq	any
cisco nx-os software	eq	4.1