topic Re: NTP Vulnerability issue -- CVE-2014-5209 in Network Security

NTP Vulnerability issue -- CVE-2014-5209

krisvamcee — Fri, 21 Feb 2020 15:52:27 GMT

Hi all,

Could somebody please advise how do I fix the below vulnerability issue as I couldn't find any solution for it. Is this vulnerability a concern?

Vulnerability Description

--------------------

An NTP control (mode 6) message with the UNSETTRAP (31) opcode with an unknown association identifier will cause NTP to respond with two packets -- one error response packet indicating that the association identifier was invalid followed by another non-er

CVE-IDs -- 2014-5209

The only config I have on the router for ntp is

ntp peer x.x.x.x

Regards

Kris

Re: NTP Vulnerability issue -- CVE-2014-5209

Marvin Rhoads — Sun, 17 Jun 2018 07:37:40 GMT

NTP has been the source of numerous reported vulnerabilities over the years. The particular one you mentioned though doesn't appear to affect the most common Cisco software (such as IOS and ASA).

Do you have a specific reason to suspect it affects your equipment?

In general, you should run the Cisco-recommended release (as indicated on the downloads page for that product) that both supports your hardware and addresses any significant security vulnerabilities according to the product release notes.

Re: NTP Vulnerability issue -- CVE-2014-5209

krisvamcee — Mon, 18 Jun 2018 23:59:06 GMT

Thanks Marvin.

I got this from the vulnerability scan report, although the severity is low, just want to know if we can fix this.

Regards

Kris

Re: NTP Vulnerability issue -- CVE-2014-5209

Marvin Rhoads — Tue, 19 Jun 2018 17:58:05 GMT

Cisco is pretty good about owning up to vulnerabilities and releasing patches. That one just didn't show up in my search.

What device and software version is the scanner reporting against?

Re: NTP Vulnerability issue -- CVE-2014-5209

krisvamcee — Wed, 20 Jun 2018 02:54:54 GMT

Hi Marvin,

It's ISR4431/K9 and version is 03.16.04b.S.

Regards

Kris

Re: NTP Vulnerability issue -- CVE-2014-5209

Marvin Rhoads — Wed, 20 Jun 2018 15:13:36 GMT

There's nothing in the release notes for that version (or others in the releases after it) that mention that vulnerability. I suspect your scanner is reporting a false positive.

Re: NTP Vulnerability issue -- CVE-2014-5209

krisvamcee — Thu, 21 Jun 2018 02:34:41 GMT

Yeah maybe. I will wait until next report comes out.

Re: NTP Vulnerability issue -- CVE-2014-5209

feiyang2 — Wed, 22 Apr 2020 03:48:38 GMT

Hi, Marvin

I also hit this issue CVE-2014-5209 in customer field. But I can not find any information from Cisco security center https://tools.cisco.com/security/center/publicationListing.x. Do you know where I can find more information of CVE-2014-5209 then I can judge whether customer's devices were impacted.

Thanks

Fei yang

Re: NTP Vulnerability issue -- CVE-2014-5209

Marvin Rhoads — Wed, 22 Apr 2020 04:44:38 GMT

I could not find the CVE cited in any Cisco publicly published security advisory or bugID. However I did find the following two BugIDs that should be of use in determining whether your customer's equipment is affected by the underlying ntp mode 6 and mode 7 vulnerabilities: https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673 https://quickview.cloudapps.cisco.com/quickview/bug/CSCtd75033

Re: NTP Vulnerability issue -- CVE-2014-5209

feiyang2 — Wed, 22 Apr 2020 04:53:23 GMT

Thanks, Marvin.

I will check it.

Fei Yang