cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
83
Views
0
Helpful
1
Replies
Beginner

I need a fix for CVE-1999-0524

Vulnerability name: CVE-1999-0524
Vulnerability scanner IDs: 10114
Description: ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Solution Name: ICMP Timestamp Request Remote Date Disclosure
Solution Description: Filter out the ICMP timestamp requests (13), and the outgoing ICMP
timestamp replies (14).

 

This vulnerability is on my IOS and IOS XE switches.

 

 

Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 15.1(2)SY12, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Mon 23-Apr-18 10:15 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1)

xxxxxx uptime is 1 year, 3 weeks, 2 days, 23 hours, 7 minutes
Uptime for this control processor is 1 year, 3 weeks, 2 days, 22 hours, 39 minutes
System returned to ROM by reload at 17:00:48 CDT Fri Jul 20 2018 (SP by reload)
System restarted at 17:03:49 CDT Fri Jul 20 2018
System image file is "disk0:s72033-ipservicesk9-mz.151-2.SY12.bin"
Last reload reason: Reload Command

 

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.5) with 458720K/65536K bytes of memory.
Processor board ID xxxxxxxxx
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
2 Virtual Ethernet interfaces
196 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.

65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: I need a fix for CVE-1999-0524

 FYI,  setup an ACL and applied inbound to resolve this vulnerablility

 

 

access-list xxx deny icmp any any timestamp-request
access-list xxx deny icmp any any timestamp-reply
access-list xxx permit ip any any

 

int xxx

ip access-group 123 in

1 REPLY 1
Highlighted
Beginner

Re: I need a fix for CVE-1999-0524

 FYI,  setup an ACL and applied inbound to resolve this vulnerablility

 

 

access-list xxx deny icmp any any timestamp-request
access-list xxx deny icmp any any timestamp-reply
access-list xxx permit ip any any

 

int xxx

ip access-group 123 in