Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016


Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On June 2, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details five issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time. 

The new vulnerabilities disclosed in this document are as follows:
  • Network Time Protocol CRYPTO-NAK Denial of Service Vulnerability
  • Network Time Protocol Bad Authentication Demobilizes Ephemeral Associations Vulnerability
  • Network Time Protocol Processing Spoofed Server Packets Vulnerability
  • Network Time Protocol Autokey Association Reset Vulnerability
  • Network Time Protocol Broadcast Interleave Vulnerability
Additional details about each vulnerability are in the http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security and 


Style Switcher

Predefined Colors

Layout Style

Header Color

Footer Top Color

Footer Bottom Color