Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2728
Views
5
Helpful
9
Replies

NTP Vulnerability issue -- CVE-2014-5209

krisvamcee
Level 1
Level 1

‎06-12-2018 09:01 PM - edited ‎02-21-2020 07:52 AM

 

Hi all,

Could somebody please advise how do I fix the below vulnerability issue as I couldn't find any solution for it. Is this vulnerability a concern?

 

Vulnerability Description

--------------------

An NTP control (mode 6) message with the UNSETTRAP (31) opcode with an unknown association identifier will cause NTP to respond with two packets -- one error response packet indicating that the association identifier was invalid followed by another non-er

CVE-IDs -- 2014-5209

 

The only config I have on the router for ntp is 

 

ntp peer x.x.x.x

 

Regards

Kris

0 Helpful
9 Replies 9

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-17-2018 12:37 AM

NTP has been the source of numerous reported vulnerabilities over the years. The particular one you mentioned though doesn't appear to affect the most common Cisco software (such as IOS and ASA).

 

Do you have a specific reason to suspect it affects your equipment?

 

In general, you should run the Cisco-recommended release (as indicated on the downloads page for that product) that both supports your hardware and addresses any significant security vulnerabilities according to the product release notes.

0 Helpful

krisvamcee
Level 1
Level 1
In response to Marvin Rhoads

‎06-18-2018 04:59 PM

Thanks Marvin.

 

I got this from the vulnerability scan report, although the severity is low, just want to know if we can fix this.

 

Regards

Kris

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to krisvamcee

‎06-19-2018 10:58 AM

Cisco is pretty good about owning up to vulnerabilities and releasing patches. That one just didn't show up in my search.

 

What device and software version is the scanner reporting against?

0 Helpful

krisvamcee
Level 1
Level 1
In response to Marvin Rhoads

‎06-19-2018 07:54 PM

Hi Marvin,

 

It's ISR4431/K9 and version is 03.16.04b.S.

 

Regards

Kris

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to krisvamcee

‎06-20-2018 08:13 AM

There's nothing in the release notes for that version (or others in the releases after it) that mention that vulnerability. I suspect your scanner is reporting a false positive.

0 Helpful

krisvamcee
Level 1
Level 1
In response to Marvin Rhoads

‎06-20-2018 07:34 PM

 

Yeah maybe. I will wait until next report comes out.

0 Helpful

feiyang2
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎04-21-2020 08:48 PM

Hi, Marvin

   I also hit this issue CVE-2014-5209 in customer field. But I can not find any information from Cisco security center https://tools.cisco.com/security/center/publicationListing.x. Do you know where I can find more information of CVE-2014-5209 then I can judge whether customer's devices were impacted.

Thanks

Fei yang

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to feiyang2

‎04-21-2020 09:44 PM

I could not find the CVE cited in any Cisco publicly published security advisory or bugID. However I did find the following two BugIDs that should be of use in determining whether your customer's equipment is affected by the underlying ntp mode 6 and mode 7 vulnerabilities: https://quickview.cloudapps.cisco.com/quickview/bug/CSCum44673 https://quickview.cloudapps.cisco.com/quickview/bug/CSCtd75033

feiyang2
Cisco Employee
Cisco Employee
In response to Marvin Rhoads

‎04-21-2020 09:53 PM

Thanks, Marvin.

I will check it.

Fei Yang

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card