Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17476
Views
0
Helpful
5
Replies

Network Time Protocol (NTP) Mode 6 Scanner Vulnerability on Cisco Devices

pankaj29in
Level 1
Level 1

‎03-27-2017 05:36 AM - edited ‎03-08-2019 09:56 AM

Hi All,

Recently I came across this vulnerability on Cisco network switches of "Network Time Protocol (NTP) Mode 6 Scanner" which in description had "The remote NTP server responds to mode 6 queries. Devices that respond to these queries have the potential to be used in NTP amplification
attacks. An unauthenticated, remote attacker could potentially exploit this, via a specially crafted mode 6 query, to cause a reflected
denial of service condition" this statement.

After checking this error online I realized IOS of the switches needs to be upgraded to 15.2 or greater. below that all will have this Vulnerability.

So is there any workaround which can be configured to get rid of this Vulnerability to be Compliant.

Regards

Mohit

7 people had this problem
Labels:
0 Helpful
5 Replies 5

Mark Malone
VIP Alumni
VIP Alumni

‎03-27-2017 05:58 AM

Hi does the bug ID give a workaround ? if not you probably need to upgrade or else it would have stated in there that there was another option , its always a good idea to keep your code up to date even though some v12 versions were very stable compared to v15

0 Helpful

lpassmore
Level 1
Level 1

‎03-27-2017 06:33 PM

Or implement NTP authentication

0 Helpful

csawest.dc
Level 3
Level 3
In response to lpassmore

‎11-21-2017 09:43 AM - edited ‎05-03-2018 12:18 AM

hi lpassmore

i have same issue.

please help us...

 

 

XYZ#show running-config | include ntp

ntp authentication-key 1 md5 06031722444F071E00 7

ntp authenticate

ntp trusted-key 1

ntp source GigabitEthernet0/11

ntp server XX.XX.XX.XX key 1

ntp server vrf Mgmtvrf XX.XX.XX.XX

 

0 Helpful

Georg Pauwen
VIP
VIP
In response to csawest.dc

‎11-21-2017 10:28 AM

Hello,

 

the vulnerability exists only for unauthenticated, remote attackers. Since you have authentication configured, you are already protected...

 

Network Time Protocol Rate Limiting Denial of Service Vulnerability

 

https://tools.cisco.com/security/center/viewAlert.x?alertId=49828

0 Helpful

csawest.dc
Level 3
Level 3
In response to Georg Pauwen

‎11-21-2017 08:55 PM

Hello Georg,

thanks for the reply !!

 

The remote NTP server responds to mode 6 queries. Devices that respond
to these queries have the potential to be used in NTP amplification
attacks. An unauthenticated, remote attacker could potentially exploit
this, via a specially crafted mode 6 query.

 

this happens for  all Cisco  devices !!

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card