ICMP Timestamp Request Remote Date Disclosure

John N
Level 1

I have 8 3850 Cisco Switches that have a vulnerability that needs to be fixed.  The vulnerability is ICMP Timestamp Request Remote Date Disclosure.  Essentially what I need to do is filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).  I am unsure how to go about this.  Any assistance-feedback would be appreciated. 

 

 

7 Replies

marce1000
VIP

 

       - FYI : https://community.cisco.com/t5/other-security-subjects/i-need-a-fix-for-cve-1999-0524/m-p/3908354#M149108
                 https://community.cisco.com/t5/data-center-switches/icmp-timestamp-request-remote-date-disclosure/td-p/5102310

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

wjg6786
Level 1

I have attempted the ACLs but still receive timestamps on command prompt. How do you correct this? I have looked at both threads and still cannot correctly apply it. 

Both threads describe using an ACL applied inbound to filter out the timestamp request. Can you give some information about your environment and some details about the ACL that you configured and how you applied it?

I am not clear what you mean when you say "but still receive timestamps on command prompt". Where are you executing this command prompt?

HTH

Rick

ACLs were applied to the management VLAN interface and did not work for us. They were then applied to the trunk interface and did not work as well. As for command prompt, we tested to see if it worked by going onto command prompt and ping -s the switch. 

I opened a ticket with TAC and they notified me that this vulnerability does not apply and is not Cisco related.  It is a Linux based vulnerability.  My group accepted it as a false positive/accepted risk.  However, if you still want to filter the ICMP you can capture if there is any ICMP 13 and 14 traffic or not by doing the following:

monitor capture TEST interface gig 1/0/1 in control-plane both match ipv4 host <destination IP> host <IP of gig 1/0/1> buffer size 100

monitor capture TEST start

monitor capture TEST stop

show monitor capture buffer brief

 

no monitor capture TEST

 

monitor capture TEST interface gig 1/0/1 out control-plane both match ipv4 host <IP of gig 1/0/1> host <destination IP> buffer size 100

monitor capture TEST start

monitor capture TEST stop

show monitor capture buffer brief
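
To check the bytes from a capture like the one above for timestamp traffic, the following added example (not part of the original posts and not Cisco code) decodes ICMP type 13/14 messages per RFC 792 and reports any type 14 reply, which is what the scanner finding is based on. The function names and sample packets are constructed for illustration, and the input is assumed to be the ICMP portion of each packet with the IP header already removed.

```python
import struct

TS_REQUEST, TS_REPLY = 13, 14  # ICMP types named in the thread (RFC 792)

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_timestamp(icmp_type, ident, seq, originate, receive=0, transmit=0) -> bytes:
    """Build a 20-byte ICMP timestamp message (used here only to make sample data)."""
    body = struct.pack("!HHIII", ident, seq, originate, receive, transmit)
    csum = icmp_checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def ms_to_utc(ms: int) -> str:
    """Timestamp fields are milliseconds since midnight UT."""
    s, ms = divmod(ms, 1000)
    return f"{s // 3600:02d}:{s % 3600 // 60:02d}:{s % 60:02d}.{ms:03d}"

def parse_timestamp(icmp: bytes):
    """Return decoded fields for a valid type 13/14 message, else None."""
    if len(icmp) < 20 or icmp[0] not in (TS_REQUEST, TS_REPLY):
        return None
    if icmp_checksum(icmp[:20]) != 0:  # a message with a correct checksum sums to zero
        return None
    _, _, _, ident, seq, orig, recv, xmit = struct.unpack("!BBHHHIII", icmp[:20])
    return {"kind": "request" if icmp[0] == TS_REQUEST else "reply",
            "id": ident, "seq": seq, "originate": ms_to_utc(orig),
            "receive": ms_to_utc(recv), "transmit": ms_to_utc(xmit)}

def replies_seen(messages):
    """Type 14 messages in a capture: any hit means the device still answers."""
    return [m for m in map(parse_timestamp, messages) if m and m["kind"] == "reply"]

# Constructed sample capture: one request, one reply, one unrelated echo request.
SAMPLE = [
    build_timestamp(TS_REQUEST, 0x1234, 1, 51_000_000),
    build_timestamp(TS_REPLY, 0x1234, 1, 51_000_000, 51_004_250, 51_004_250),
    bytes([8, 0, 0xF7, 0xFF, 0, 0, 0, 0]),
]

if __name__ == "__main__":
    for hit in replies_seen(SAMPLE):
        print("timestamp reply leaked device time:", hit["receive"], "UTC")
```

An empty result from `replies_seen` on the outbound capture, while type 13 requests still appear inbound, indicates the filter is dropping the replies.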

 

 

 

Thanks for the reply. We are currently waiting on scans to come back and see if the ACLs we applied this time have worked. 

Well, did it work?
