pankaj29in
Beginner

Network Time Protocol (NTP) Mode 6 Scanner Vulnerability on Cisco Devices

Hi All,

Recently I came across this vulnerability on Cisco network switches, "Network Time Protocol (NTP) Mode 6 Scanner", which had this statement in its description: "The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected denial of service condition".

After checking this error online, I realized the IOS of the switches needs to be upgraded to 15.2 or greater. Everything below that will have this vulnerability.

So is there any workaround which can be configured to get rid of this vulnerability and be compliant?

Regards

Mohit

5 REPLIES 5
Mark Malone
Mentor

Hi, does the bug ID give a workaround? If not, you probably need to upgrade, or else it would have stated in there that there was another option. It's always a good idea to keep your code up to date, even though some v12 versions were very stable compared to v15.

lpassmore
Beginner

Or implement NTP authentication

Hi lpassmore,

I have the same issue.

Please help us...

XYZ#show running-config | include ntp
ntp authentication-key 1 md5 06031722444F071E00 7
ntp authenticate
ntp trusted-key 1
ntp source GigabitEthernet0/11
ntp server XX.XX.XX.XX key 1
ntp server vrf Mgmtvrf XX.XX.XX.XX

Hello,

The vulnerability exists only for unauthenticated, remote attackers. Since you have authentication configured, you are already protected...

Network Time Protocol Rate Limiting Denial of Service Vulnerability

https://tools.cisco.com/security/center/viewAlert.x?alertId=49828

Hello Georg,

Thanks for the reply!!

The remote NTP server responds to mode 6 queries. Devices that respond
to these queries have the potential to be used in NTP amplification
attacks. An unauthenticated, remote attacker could potentially exploit
this, via a specially crafted mode 6 query.

This happens for all Cisco devices!!
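
Added example, not part of any reply in this thread: an offline Python parser for the NTP control message (mode 6) header that the scanner description refers to, useful for spotting mode 6 traffic in a packet capture and measuring how much larger a response is than its request. The header layout follows RFC 1305 Appendix B; the packet bytes are constructed samples and the function names are hypothetical.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# NTP control message header (RFC 1305 Appendix B): 12 bytes, network order.
HEADER = struct.Struct("!BBHHHHH")
MODE_CONTROL = 6

@dataclass
class ControlMsg:
    version: int
    is_response: bool
    opcode: int
    sequence: int
    data: bytes

def ntp_mode(payload: bytes) -> int:
    """Mode is the low 3 bits of the first byte (LI:2 | VN:3 | Mode:3)."""
    if not payload:
        raise ValueError("empty UDP payload")
    return payload[0] & 0x07

def parse_control(payload: bytes) -> Optional[ControlMsg]:
    """Return the parsed message, or None if this is not a valid mode 6 packet."""
    if len(payload) < HEADER.size or ntp_mode(payload) != MODE_CONTROL:
        return None
    b0, b1, seq, _status, _assoc, _offset, count = HEADER.unpack_from(payload)
    data = payload[HEADER.size:HEADER.size + count]
    if len(data) != count:  # count field claims more data than was captured
        return None
    return ControlMsg((b0 >> 3) & 0x07, bool(b1 & 0x80), b1 & 0x1F, seq, data)

def amplification(request: bytes, responses: list) -> float:
    """Bytes returned per byte sent, the figure that matters for reflection."""
    return sum(len(r) for r in responses) / len(request)

# Constructed samples (not captured from any device).
SAMPLE_DATA = b'version="constructed sample", stratum=3, refid=192.0.2.1'
REQUEST = HEADER.pack(0x16, 0x02, 1, 0, 0, 0, 0)  # VN 2, mode 6, opcode 2
RESPONSE = HEADER.pack(0x16, 0x82, 1, 0, 0, 0, len(SAMPLE_DATA)) + SAMPLE_DATA  # R bit set
CLIENT = bytes([0x23]) + bytes(47)  # VN 4, mode 3: ordinary time request

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("response", RESPONSE), ("client", CLIENT)):
        print(name, "mode", ntp_mode(pkt), parse_control(pkt))
    print("amplification: %.1fx" % amplification(REQUEST, [RESPONSE]))
```

Ordinary time synchronization uses modes 3 and 4, so the parser returns None for the client packet and only the control messages are reported.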