03-27-2017 05:36 AM - edited 03-08-2019 09:56 AM
Hi All,
Recently I came across the vulnerability "Network Time Protocol (NTP) Mode 6 Scanner" on Cisco network switches, which had this statement in its description: "The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition."
After checking this error online, I realized the IOS of the switches needs to be upgraded to 15.2 or greater; all versions below that will have this vulnerability.
So is there any workaround which can be configured to get rid of this vulnerability and be compliant?
Regards
Mohit
03-27-2017 05:58 AM
Hi, does the bug ID give a workaround? If not, you probably need to upgrade, or else it would have stated in there that there was another option. It's always a good idea to keep your code up to date, even though some v12 versions were very stable compared to v15.
03-27-2017 06:33 PM
Or implement NTP authentication
11-21-2017 09:43 AM - edited 05-03-2018 12:18 AM
Hi lpassmore,
I have the same issue.
Please help us...
XYZ#show running-config | include ntp
ntp authentication-key 1 md5 06031722444F071E00 7
ntp authenticate
ntp trusted-key 1
ntp source GigabitEthernet0/11
ntp server XX.XX.XX.XX key 1
ntp server vrf Mgmtvrf XX.XX.XX.XX
11-21-2017 10:28 AM
Hello,
The vulnerability exists only for unauthenticated, remote attackers. Since you have authentication configured, you are already protected...
Network Time Protocol Rate Limiting Denial of Service Vulnerability
https://tools.cisco.com/security/center/viewAlert.x?alertId=49828
11-21-2017 08:55 PM
Thanks for the reply!!
The remote NTP server responds to mode 6 queries. Devices that respond
to these queries have the potential to be used in NTP amplification
attacks. An unauthenticated, remote attacker could potentially exploit
this, via a specially crafted mode 6 query.
This happens for all Cisco devices!!
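Added example (not code from any poster in this thread or from Cisco): a small audit of a `show running-config | include ntp` listing, like the one posted earlier in the thread, for the NTP authentication settings suggested above. It checks that `ntp authenticate` is present and that every server or peer references a key that is both defined and trusted. The sample input is constructed, using documentation addresses and a placeholder key string; `audit_ntp` is a hypothetical helper name.

```python
import re

# Constructed sample with the same shape as the listing posted in the thread.
# Addresses are RFC 5737 documentation addresses; the key is a placeholder.
SAMPLE = """\
ntp authentication-key 1 md5 PLACEHOLDER 7
ntp authenticate
ntp trusted-key 1
ntp source GigabitEthernet0/11
ntp server 192.0.2.10 key 1
ntp server vrf Mgmtvrf 192.0.2.20
"""

SERVER_RE = re.compile(
    r"^ntp (?:server|peer)(?: vrf (?P<vrf>\S+))? (?P<addr>\S+)(?P<opts>.*)$")

def audit_ntp(config_text):
    """Return a list of findings about NTP authentication in an IOS config."""
    defined, trusted, servers = set(), set(), []
    authenticate = False
    for line in config_text.splitlines():
        line = line.strip()
        if m := re.match(r"ntp authentication-key (\d+) ", line):
            defined.add(int(m.group(1)))
        elif m := re.match(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif line == "ntp authenticate":
            authenticate = True
        elif m := SERVER_RE.match(line):
            key = re.search(r"\bkey (\d+)", m.group("opts"))
            servers.append((m.group("addr"), m.group("vrf"),
                            int(key.group(1)) if key else None))
    findings = []
    if not authenticate:
        findings.append("'ntp authenticate' is missing")
    for addr, vrf, key in servers:
        where = f"{addr} (vrf {vrf})" if vrf else addr
        if key is None:
            findings.append(f"{where}: no key configured")
        elif key not in defined:
            findings.append(f"{where}: key {key} is not defined")
        elif key not in trusted:
            findings.append(f"{where}: key {key} is not trusted")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp(SAMPLE):
        print(finding)
```

On the constructed sample, the only finding is the VRF server entry, which has no `key` option even though authentication is enabled globally.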