Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1030
Views
0
Helpful
2
Replies

CSCux46898 - NTP associations vulnerability

dapot.simarmata
Level 1
Level 1

‎05-12-2016 01:10 AM - edited ‎03-20-2019 08:55 PM

Dear All,

Anyone can give clarity of this bug? Does it impact all devices?

It is mentioned in the vulnerability CVE-2016-1384, that affected devices are Cisco IOS devices prior to IOS 15.5(3)M01.

For devices with no IOS 15.5 available for download, that means all impacted?

1 person had this problem
Labels:
0 Helpful
2 Replies 2

mlatiffff
Level 1
Level 1

‎05-18-2016 07:04 AM

HI,

I had this reply from CISCO,  but its still vague ..

Hi Mohammed,

 

I hope my email finds you well.

 

Regarding the additional inquires about "Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability":-

 

-'Cisco IOS 15.5(3)M01 and prior'   are only affected: that's mean it will affect versions which doesn't have fix of CSCux46898:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux46898/?reffering_site=dumpcr

 

-'Cisco IOS 15.5(3)M01 The fixed version of CSCtt02144 as it cause problem.

 

-Is it anything prior ONLY  in the  15.5  train ?  or does it include other trains such as  15.0(2)Se8 ? 12.2(55)SE10 , 12.2(58)SE ?

Fix of CSCtt02144:This was revert back after 15.5 and above, 15.1 and below doesn't affected by this DDTS.

So 15.0(2)SE8, 12.2(55)SE0, 12.2(58)SE will not be affected by this DDTS.

 

-The fix is available from 3.16 [15.5(3)S2/XE3.16.2] , 3.18[15.6(1)S1], v161_0_throttle

 

Also DE's are working on those fixes.

It will affect all FIXED version of CSCtt02144.

-CSCux46898  will  not affect   Wall E / 3.2.xSE, / v150_1_SE_throttle  

-CSCux46898  will  not affect   Nile  / 3.3.xSE / v150_2_se_throttle

3.3.xSG is running on NTPv3. So it will not affect.

-CSCux46898  will affect  3.4.xSG  [ 15.1(2)SGx] 

-CSCux46898  will affect 3.6.xE/ Amur, 3.7.xE/ Beni, 3.8.xE/ v152_4_e_throttle.

-CSCux46898 will not affect 12.2SE, 15.0SE, But will affect 15.2E

 

Please let me know if you need further assistance in this case I will be waiting your reply.

Thank you and have a great day!

 

0 Helpful

markmurray
Level 1
Level 1
In response to mlatiffff

‎05-22-2016 04:23 PM

This is a very confusing vulnerability/bug. The vulnerability states that Cisco IOS 15.5(3)M01 and prior are affected yet the bug states 15.5(2.2)T is the known affected release. Also the comments suggest 15.5 and above and 15.1 and below are not affected, yet the bug gives fixes in versions above 15.5 and below 15.1.

Next, the bug states that the affects versions of IOS Software are those with the fix for CSCtt02144, however a search for that bug suggests it is a cisco internal bug and hasn't been published. So what versions of IOS had the fix for CSCtt02144.

What is needed is a list of affected versions and a corresponding list of fixed versions as the current information is too confusing.

Lastly, will an ACL on the NTP config, eg ntp access-group xx ( where the ACL xx only permits a trusted source ), mitigate this issue, or does it need to be on an interface.

0 Helpful
Customers Also Viewed These Support Documents