Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2299
Views
5
Helpful
3
Replies

CVE-2016-9310 – NTP 6 Queries vulnerability on Internet switches

csawest.dc
Level 3
Level 3

‎11-27-2017 02:05 AM - edited ‎03-08-2019 12:53 PM

Hi all,

 

we are getting below Vulnerability on internet switches(CVE-2016-9310) 

 

The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query.

 

#IOS also updated latest one. 

Is there any workaround to resolved this issue.

Labels:
0 Helpful
3 Replies 3

Georg Pauwen
VIP
VIP

‎11-27-2017 04:21 AM

Hello,

 

the easiest way to remedy this is to use NTP authentication. The vulnerability exists only with regard to unauthorized 'attackers'...

csawest.dc
Level 3
Level 3
In response to Georg Pauwen

‎11-27-2017 06:54 AM

Thanks for the reply !

 

already we have authenticate ntp on all devices   

0 Helpful

johnd2310
Level 8
Level 8

‎11-27-2017 05:31 PM

Hi,

Don't use your switches as NTP servers. Your switches should only be NTP clients. Get an NTP appliance or configure a PC server to run NTP. Configure your switches to deny all NTP requests using the NTP access-group command.

 

Thanks

John 

**Please rate posts you find helpful**
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card