Detections
Analytics

Cisco IOS XE NTP Information Disclosure (CSCuj66318)

medium Nessus Plugin ID 77053

Language:

Synopsis

The remote device is affected by an information disclosure vulnerability.

Description

The remote Cisco device potentially contains an issue with the 'ntp access-group' which could allow a remote attacker to bypass the NTP access group and query an NTP server configured to deny-all requests.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCuj66318.

See Also

http://www.nessus.org/u?d368fe89

https://tools.cisco.com/security/center/viewAlert.x?alertId=34884

Plugin Details

Severity: Medium

ID: 77053

File Name: cisco-CSCuj66318-ntp-iosxe.nasl

Version: 1.8

Type: combined

Family: CISCO

Published: 8/7/2014

Updated: 5/3/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2014

Vulnerability Publication Date: 7/9/2014

Reference Information

CVE: CVE-2014-3309

BID: 68463

CISCO-BUG-ID: CSCuj66318