Cisco CISCO-SA-20160428-NTPD
Apr 28, 2016 - 9:00 a.m.

Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016

2016-04-28 09:00:00
tools.cisco.com
CVSS2: 7.1 High
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS3: 7.5 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.86 High
  Percentile: 98.6%

Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On April 26, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details 11 issues regarding DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a system’s time. Two of the vulnerabilities disclosed in the NTP security notice address issues that were previously disclosed without a complete fix.

The new vulnerabilities disclosed in this document are as follows:

CVE-2016-1547: Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability
CVE-2016-1548: Network Time Protocol Interleave-Pivot Denial of Service Vulnerability
CVE-2016-1549: Network Time Protocol Sybil Ephemeral Association Attack Vulnerability
CVE-2016-1550: Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
CVE-2016-1551: Network Time Protocol Refclock Impersonation Vulnerability
CVE-2016-2516: Network Time Protocol Duplicate IPs on Unconfig Directives Will Cause an Assertion Botch in ntpd
CVE-2016-2517: Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
CVE-2016-2518: Network Time Protocol Crafted addpeer Causes Array Wraparound with MATCH_ASSOC
CVE-2016-2519: Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked

The two vulnerabilities that were previously disclosed without a complete fix are as follows:

CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
CVE-2015-7704: Network Time Protocol Packet Processing Denial of Service Vulnerability

Those vulnerabilities were disclosed by Cisco in the following Cisco Security Advisories:

  Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp
  Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

Additional details about each vulnerability are in the NTP Consortium Security Notice (http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security).

Cisco will release software updates that address these vulnerabilities.

Workarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd

Affected configurations

Vulners node (entries are ORed):

cisco application_and_content_networking_system_software Match any
cisco unity Match any
cisco prime_access_registrar Match any
cisco emergency_responder Match any
cisco ios_xr_software Match any
cisco unity_express Match any
cisco nac_appliance Match any
cisco intrusion_prevention_system Match any
cisco ace_application_control_engine_module_a3 Match any
cisco wide_area_application_services Match any
cisco ip_interoperability_and_collaboration_system Match any
cisco unity_connection Match any
cisco telepresence_mx200 Match any
cisco physical_access_gateway Match any
cisco cisco_ios Match any xe
cisco video_surveillance_media_server Match any
cisco digital_media_manager Match any
cisco meetingplace Match any
cisco network_analysis_module_software Match any
cisco ironport_encryption_appliance Match any
cisco network_admission_control Match any
cisco show_and_share Match any
cisco identity_services_engine_software Match any
cisco telepresence_video_communication_server Match any
cisco asa_cx_context-aware_security_software Match any
cisco prime_security_manager Match any
cisco prime_data_center_network_manager Match any
cisco prime_lan_management_solution Match any
cisco unified_communications_domain_manager Match any
cisco content_security_management_appliance Match any
cisco prime_infrastructure Match any
cisco connected_grid_network_management_system Match any
cisco webex_node_for_mcs Match any
cisco unified_computing_system_central_software Match any
cisco enterprise_content_delivery_system Match any
cisco virtualization_experience_media_engine Match any
cisco mediasense Match any
cisco unified_sip_proxy Match any
cisco ucs_director Match any
cisco videoscape_distribution_suite_service_broker Match any
cisco digital_content_manager Match any
cisco prime_service_catalog Match any
cisco nexus_1000v Match any nexus_1000v
cisco nexus_1000v Match 1000v_switch nexus_1000v
cisco nexus_1000v Match 3000_series_switch nexus_1000v
cisco application_policy_infrastructure_controller_(apic) Match any
cisco expressway Match any
cisco jabber_guest Match any
cisco desktop_collaboration_experience Match any
cisco prime_license_manager Match any
cisco intersight_virtual_appliance Match any
cisco prime_network_services_controller Match any
cisco telepresence_isdn_gw_3241 Match any
cisco telepresence_conductor Match any
cisco firepower_system_software Match any
cisco prime_collaboration_assurance Match any
cisco prime_collaboration_provisioning Match any
cisco paging_server Match any
cisco modular_encoding_platform_d9036_software Match any
cisco video_surveillance_8030_firmware Match any
cisco virtual_topology_system Match any
cisco nexus_3000 Match any
cisco hosted_collaboration_mediation_fulfillment Match any
cisco cloud_services_platform_2100 Match any
cisco cloud_services_platform_2100 Match 2100
cisco registered_envelope_service Match any
