05-12-2016 01:10 AM - edited 03-20-2019 08:55 PM
Dear All,
Can anyone give clarity on this bug? Does it impact all devices?
It is mentioned in the vulnerability CVE-2016-1384, that affected devices are Cisco IOS devices prior to IOS 15.5(3)M01.
For devices with no IOS 15.5 available for download, does that mean all are impacted?
05-18-2016 07:04 AM
Hi,
I had this reply from Cisco, but it's still vague...
Hi Mohammed,
I hope my email finds you well.
Regarding the additional inquiries about "Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability":
-'Cisco IOS 15.5(3)M01 and prior' are only affected: that means it will affect versions which don't have the fix for CSCux46898:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux46898/?reffering_site=dumpcr
-'Cisco IOS 15.5(3)M01 The fixed version of CSCtt02144 as it cause problem.
-Is it anything prior ONLY in the 15.5 train? Or does it include other trains such as 15.0(2)Se8, 12.2(55)SE10, 12.2(58)SE?
Fix of CSCtt02144: This was reverted back after 15.5 and above; 15.1 and below are not affected by this DDTS.
So 15.0(2)SE8, 12.2(55)SE0, 12.2(58)SE will not be affected by this DDTS.
-The fix is available from 3.16 [15.5(3)S2/XE3.16.2], 3.18 [15.6(1)S1], v161_0_throttle
Also, DEs are working on those fixes.
It will affect all FIXED versions of CSCtt02144.
-CSCux46898 will not affect Wall E / 3.2.xSE / v150_1_SE_throttle
-CSCux46898 will not affect Nile / 3.3.xSE / v150_2_se_throttle
3.3.xSG is running on NTPv3, so it will not be affected.
-CSCux46898 will affect 3.4.xSG [15.1(2)SGx]
-CSCux46898 will affect 3.6.xE / Amur, 3.7.xE / Beni, 3.8.xE / v152_4_e_throttle.
-CSCux46898 will not affect 12.2SE, 15.0SE, but will affect 15.2E
Please let me know if you need further assistance in this case. I will be awaiting your reply.
Thank you and have a great day!
05-22-2016 04:23 PM
This is a very confusing vulnerability/bug. The vulnerability states that Cisco IOS 15.5(3)M01 and prior are affected, yet the bug states 15.5(2.2)T is the known affected release. Also, the comments suggest 15.5 and above and 15.1 and below are not affected, yet the bug gives fixes in versions above 15.5 and below 15.1.
Next, the bug states that the affected versions of IOS Software are those with the fix for CSCtt02144; however, a search for that bug suggests it is a Cisco internal bug and hasn't been published. So what versions of IOS had the fix for CSCtt02144?
What is needed is a list of affected versions and a corresponding list of fixed versions as the current information is too confusing.
Lastly, will an ACL on the NTP config, e.g. ntp access-group xx (where the ACL xx only permits a trusted source), mitigate this issue, or does it need to be on an interface?