BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Cisco NTP Mode 7 Denial of Service Vulnerability

Disclosed: January 15, 2014
Zeroday: 317 days

Vulnerability Description:

Certain Cisco products mishandle MODE_PRIVATE (Mode 7) NTP control messages. This can be leveraged to amplify the size of responses by 5,500 times, causing a denial of service condition in which vulnerable Cisco products may become unresponsive.

Vendors:

Cisco

Vulnerable Software/Devices:

Cisco NX-OS Software
IOS
Cisco IOS XE Software
Cisco Unified Communications Manager
Cisco MXE 3500 (Media Experience Engine)
Cisco Videoscape Distribution Suite Transparent Caching (VDS TC)
Cisco Digital Content Manager (DCM) Software
Cisco Video Surveillance Operations Manager Software
Cisco Unified Contact Center Express
Cisco MediaSense
Cisco SocialMiner
Cisco Finesse
Cisco Unified Intelligence Center
Cisco Application and Content Networking System (ACNS) Software

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Denial of Service
Exploitation of this vulnerability makes the system or device unresponsive, resulting in a denial of service condition. Attackers can keep sending malicious NTP payloads to re-trigger the condition.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability:

  • 33963 - Cisco ACNS 5.5(33) and Prior NTP Denial of Service (Zero-Day)

Mitigation:

Restrict traffic at the perimeter firewall.
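
To check that the restriction is effective, captured UDP port 123 payloads can be screened for Mode 7 traffic and its response-to-request size ratio. The following is an added example, not BeyondTrust or Cisco code; the function names, the 10x threshold and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict

MODE_PRIVATE = 7   # NTP mode 7 (MODE_PRIVATE), the mode named in the description
RESP_BIT = 0x80    # set in byte 0 of a mode 7 response, clear in a request

def classify(payload: bytes):
    """Return (mode, is_response) for a UDP/123 payload, or None if it is empty."""
    if not payload:
        return None
    first = payload[0]
    mode = first & 0x07   # the low three bits of byte 0 carry the NTP mode
    # The response bit is only meaningful for mode 7; other modes use it for the leap indicator.
    is_response = mode == MODE_PRIVATE and bool(first & RESP_BIT)
    return mode, is_response

def mode7_amplification(packets, threshold=10.0):
    """packets: iterable of (src, dst, payload).
    Returns {(client, server): ratio} for flows whose mode 7 response bytes
    are at least `threshold` times the mode 7 request bytes (threshold is an assumption)."""
    req = defaultdict(int)
    resp = defaultdict(int)
    for src, dst, payload in packets:
        info = classify(payload)
        if info is None or info[0] != MODE_PRIVATE:
            continue                          # ordinary time sync traffic is ignored
        if info[1]:
            resp[(dst, src)] += len(payload)  # key is always (client, server)
        else:
            req[(src, dst)] += len(payload)
    flagged = {}
    for flow, sent in req.items():
        ratio = resp[flow] / sent
        if ratio >= threshold:
            flagged[flow] = round(ratio, 1)
    return flagged

# Constructed sample traffic: documentation addresses, zero-filled bodies.
CLIENT, SERVER = "198.51.100.7", "192.0.2.10"
SAMPLE = [
    (CLIENT, SERVER, bytes([0x23]) + bytes(47)),   # mode 3 client query, 48 bytes
    (SERVER, CLIENT, bytes([0x24]) + bytes(47)),   # mode 4 server reply, 48 bytes
    (CLIENT, SERVER, bytes([0x17]) + bytes(7)),    # mode 7 request, 8 bytes
] + [(SERVER, CLIENT, bytes([0x97]) + bytes(439))] * 10  # ten 440-byte mode 7 responses

if __name__ == "__main__":
    for (client, server), ratio in mode7_amplification(SAMPLE).items():
        print(f"{server} -> {client}: mode 7 responses are {ratio}x the request bytes")
```

Any mode 7 packet that appears in a capture taken inside the perimeter indicates the firewall rule is not filtering this traffic.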

Links:

CVE(s):