Cisco IOS XE NTP Information Disclosure (CSCuj66318)

medium Nessus Plugin ID 77053

Synopsis

The remote device is affected by an information disclosure vulnerability.

Description

The remote Cisco device potentially contains an issue with the 'ntp access-group' which could allow a remote attacker to bypass the NTP access group and query an NTP server configured to deny-all requests.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCuj66318.

See Also

http://www.nessus.org/u?d368fe89

https://tools.cisco.com/security/center/viewAlert.x?alertId=34884

Plugin Details

Severity: Medium

ID: 77053

File Name: cisco-CSCuj66318-ntp-iosxe.nasl

Version: 1.7

Type: local

Family: CISCO

Published: 8/7/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2014

Vulnerability Publication Date: 7/9/2014

Reference Information

CVE: CVE-2014-3309

BID: 68463

CISCO-BUG-ID: CSCuj66318