Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015

Summary

• Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a network time protocol (NTP) server.
  
  On October 21st, 2015, NTP.org released a security advisory detailing 13 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may result in an attacker gaining the ability to modify an NTP server's advertised time. The vulnerabilities covered in this document are as follows:
  

  • CVE-2015-7691 - Denial of Service AutoKey Malicious Message
  • CVE-2015-7692 - Denial of Service AutoKey Malicious Message
  • CVE-2015-7701 - Denial of Service CRYPTO_ASSOC Memory Leak
  • CVE-2015-7702 - Denial of Service AutoKey Malicious Message
  • CVE-2015-7703 - Configuration Directive File Overwrite Vulnerability
  • CVE-2015-7704 - Denial of Service by Spoofed Kiss-o'-Death
  • CVE-2015-7705 - Denial of Service by Priming the Pump
  • CVE-2015-7848 - Network Time Protocol ntpd Multiple Integer Overflow Read Access Violations
  • CVE-2015-7849 - Network Time Protocol Trusted Keys Memory Corruption Vulnerability
  • CVE-2015-7850 - Network Time Protocol Remote Configuration Denial of Service Vulnerability
  • CVE-2015-7851 - Network Time Protocol ntpd saveconfig Directory Traversal Vulnerability
  • CVE-2015-7852 - Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
  • CVE-2015-7853 - Network Time Protocol Reference Clock Memory Corruption Vulnerability
  • CVE-2015-7854 - Network Time Protocol Password Length Memory Corruption Vulnerability
  • CVE-2015-7855 - Denial of Service Long Control Packet Message
  • CVE-2015-7871 - NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability

  Additional details on each of the vulnerabilities can be found at the following links:
  
  Official Security Advisory from ntp.org: Security Notice
  Boston University: Attacking the Network Time Protocol
  Cisco TALOS: TALOS Vulnerability Reports
  
  Cisco will release software updates that address these vulnerabilities.
  
  Workarounds that mitigate one or more of the vulnerabilities may be available for certain products, please see the individual Cisco Bug IDs for details.
  
  This advisory is available at the following link:
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

Affected Products

• 
  

  Products Under Investigation

  Cisco has concluded its investigation to determine the impact of the vulnerabilities covered by this document.
  

  Vulnerable Products

  The following table lists Cisco products that are affected by one or more of the vulnerabilities documented in this advisory:
  
  

  Product	Defect	Fixed releases availability
  Collaboration and Social Media
  Cisco WebEx Node for MCS	CSCuw84679
  Network Application, Service, and Acceleration
  Cisco Application Control Engine (ACE30/ ACE 4710)	CSCuw84697
  Cisco Visual Quality Experience Server	CSCuw84852	3.10.5 (9-Nov-2015)
  Cisco Visual Quality Experience Tools Server	CSCuw84852	3.10.5 (9-Nov-2015)
  Cisco Wide Area Application Services (WAAS)	CSCuw84891	5.5.5 (March 2016)
  Network and Content Security Devices
  Cisco ASA CX and Cisco Prime Security Manager	CSCuw84893	9.3.4.4 (9-Jan-2016)
  Cisco Identity Services Engine (ISE)	CSCuw84914	2.1 (June 2016)
  Cisco Intrusion Prevention System Solutions (IPS)	CSCuw84972	7.1(12) (May 2016) 7.3(05) (March 2016)
  Cisco Physical Access Control Gateway	CSCuw84901
  Cisco Physical Access Manager	CSCuw84903
  Cisco Secure Access Control Server (ACS)	CSCuw84970	5.7 Patch 2 (30-Apr-2016)
  Cisco Virtual Security Gateway for Microsoft Hyper-V	CSCuw84714	5.2(1)VSG2(1.5) (30-May-2016)
  Network Management and Provisioning
  Cisco Prime Data Center Network Manager (.ova and .iso installers)	CSCuw84704	7.2.2 (30-Dec-2015)
  Cisco Prime Infrastructure Standalone Plug and Play Gateway	CSCuw84746
  Cisco Prime License Manager	CSCuw84810	10.5(2)su3 (31-Jan-2016) 11.0(1)su2 (31-Mar-2016)
  Cisco Prime Service Catalog Virtual Appliance	CSCuw84835	11.0 (30-Apr-2016) 11.1 (30- Apr-2016)
  Cisco Quantum Policy Suite (QPS)	CSCuw85824	9.0 (March 2016)
  Cisco Quantum SON Suite	CSCuw85825	Update via CLI
  Cisco UCS Central	CSCuw84719	1.4(1a) (18-Dec-2015)
  Cisco Virtual Topology System (formally Virtual Systems Operations Center)	CSCuw84765	2.0.1 (30-Dec-2015)
  Routing and Switching - Enterprise and Service Provider
  Cisco Application Policy Infrastructure Controller (APIC)	CSCuw84705	1.2(1) (4-Dec-2015)
  Cisco Connected Grid Router	CSCuw84854	15.3(01)IE101.155 (5-Feb-2016)
  Cisco Connected Grid Routers - CGOS	CSCuw84702
  Cisco IOS and Cisco IOS XE Software	CSCuw85826	Consult Cisco IOS Software Checker for fixed release info.
  Cisco MDS 9000 Series Multilayer Switches	CSCuw84707	7.3 (31-Jan-2016) 6.2.15 (31-Jan-2016)
  Cisco Nexus 1000V Series Switches	CSCuw84710	5.2(1)SV3(1.11) (16-Feb-2016)
  Cisco Nexus 3000 Series Switches	CSCuw84712	7.0.3.I3 (31-Jan-2016)
  Cisco Nexus 5000 and 6000 Series Switches	CSCuw84708	7.3 (31-Jan-2016)
  Cisco Nexus 7000 Series Switches	CSCuw84708	7.3 (31-Jan-2016)
  Cisco Nexus 9000 Series Switches	CSCuw84709	7.0.3.I3 (31-Jan-2016)
  Unified Computing
  Cisco Common Services Platform Collector	CSCuw84644	1.8 (24-Nov-2015)
  Cisco Standalone rack server CIMC	CSCuw84720	EPMR8 2.0 (9x) (15-Jan-2016)
  Cisco UCS Director	CSCuw84703	5.5 (March 2016)
  Cisco UCS Invicta Series	CSCuw84706	A patch file will be available by 4-Dec-2015.
  Cisco Unified Computing System E-Series Blade Server	CSCuw84640	5.2VSG2(1.5) (30-May-2016)
  Voice and Unified Communications Devices
  Cisco ASR5X00 Series	CSCuw84642	19.3 (12-Feb-2016)
  Cisco Emergency Responder	CSCuw85099	11.5 (14-Jun-2016)
  Cisco Finesse	CSCuw98638	11.5 (30-Apr-2016)
  Cisco Hosted Collaboration Mediation Fulfillment	CSCuw85108	10.6.3 (Available)
  Cisco IM and Presence Service (CUPS)	CSCuw85104	10.5(2) SU2 (February 2016)
  Cisco Management Heartbeat Server	CSCuw84997	5.1 (31-Mar-2016)
  Cisco MediaSense	CSCuw85139	11.0(1) (17-Dec-2015) 11.5(1) (31-Mar-2016)
  Cisco Quantum Virtualized Packet Core	CSCuw84642	19.3 (12-Feb-2016)
  Cisco SocialMiner	CSCuw85071
  Cisco Unified Communications Manager (UCM)	CSCuw85074	10.5(2)SU3 (31-Jan-2015)
  Cisco Unified Communications Manager Session Management Edition (SME)	CSCuw85074	10.5(2)SU3 (31-Jan-2015)
  Cisco Unified Contact Center Express	CSCuw98637
  Cisco Unified Sip Proxy	CSCuw84641	10.0 (June 2016)
  Cisco Unity Connection (UC)	CSCuw85080
  Cisco Unity Express	CSCuw84638	10.0 (2-Jan-2017)
  Cisco Virtualization Experience Client 6215	CSCuw85157	No further releases planned.
  Video, Streaming, TelePresence, and Transcoding Devices
  Cisco 910 Industrial Router	CSCuw84981	1.2.1RB3 (30-Nov-2015)
  Cisco DCM Series 9900-Digital Content Manager	CSCuw84721	18.0.0 (31-Mar-2016)
  Cisco DNCS Application Server (AppServer)	CSCuw85001
  Cisco Digital Transport Adapter Control System (DTACS)	CSCuw85005
  Cisco Download Server (DLS) (Solaris)	CSCuw94421
  Cisco Edge 300 Digital Media Player	CSCuw84983	1.6RB4_2 (20-Nov-2015)
  Cisco Edge 340 Digital Media Player	CSCuw84987	1.2.0.16 (30-Nov-2016)
  Cisco Enterprise Content Delivery System (ECDS)	CSCuw84791	2.6.6 (31-Dec-2015)
  Cisco Expressway Series	CSCuw84833	X8.7 (13-Nov-2015)
  Cisco IPTV Service Delivery System (ISDS)	CSCuw94413
  Cisco International Digital Network Control System (iDNCS)	CSCuw85007
  Cisco Media Experience Engines (MXE)	CSCuw84808	3.5 (Available)
  Cisco Remote Network Control System (RNCS)	CSCuw94428
  Cisco TelePresence 1310	CSCuw85054
  Cisco TelePresence Conductor	CSCuw84782	XC4.1 (8-Dec-2015)
  Cisco TelePresence EX Series	CSCuw84818	TC7.3.5 (February 2016)
  Cisco TelePresence ISDN Link	CSCuw84797	IL1.1.6 (15-Dec-2015)
  Cisco TelePresence MX Series	CSCuw84818	TC7.3.5 (February 2016)
  Cisco TelePresence Profile Series	CSCuw84818	TC7.3.5 (February 2016)
  Cisco TelePresence SX Series	CSCuw84818	TC7.3.5 (February 2016)
  Cisco TelePresence System 1000	CSCuw85054
  Cisco TelePresence System 1100	CSCuw85054
  Cisco TelePresence System 1300	CSCuw85054
  Cisco TelePresence System 3000 Series	CSCuw85054
  Cisco TelePresence System 500-32	CSCuw85054
  Cisco TelePresence System 500-37	CSCuw85054
  Cisco TelePresence TX 9000 Series	CSCuw85054
  Cisco TelePresence Video Communication Server (VCS)	CSCuw84833	X8.7 (13-Nov-2015)
  Cisco Telepresence Integrator C Series	CSCuw84818	TC7.3.5 (February 2016)
  Cisco VDS Service Broker	CSCuw85022	No further releases planned.
  Cisco Video Delivery System Recorder	CSCuw84847	No updates planned.
  Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS)	CSCuw84849	4.3.1 (31-Jan-2016)
  Cisco Video Surveillance Media Server	CSCuw84912	7.8 (March 2016)
  Cisco Videoscape Distribution Suite Transparent Caching	CSCuw85024
  Cloud Object Store (COS)	CSCuw84845	2.1.2 (10-Nov-2015) 3.0.1 (10-Nov-2015) 3.5.0 (10-Nov-2015)
  Explorer Controller (EC) system	CSCuw85003
  Wireless
  Cisco Small Business 121 Series Wireless Access Points	CSCuw84962
  Cisco Small Business 321 Series Wireless Access Points	CSCuw84962
  Cisco Small Business 500 Series Wireless Access Points	CSCuw84958
  Cisco WAP371 wireless access point	CSCuw84954
  Cisco Hosted Services
  Cisco Cloud Services	CSCuw84780	Affected systems have been patched.
  Cisco Cloud Web Security	CSCuw84974
  Cisco Intelligent Automation for Cloud	CSCuw84837	4.3.1 (30-Dec-2015)
  Cisco Universal Small Cell 5000 Series running V3.4.2.x software	CSCuw84995	BV3.4.2.34 (31-Dec-2015) BV3.5.12.16 (31-Jan-2016)
  Cisco Universal Small Cell 7000 Series running V3.4.2.x software	CSCuw84995	BV3.4.2.34 (31-Dec-2015) BV3.5.12.16 (31-Jan-2016)
  Cisco Universal Small Cell CloudBase	CSCuw84990	Affected systems have been patched.
  Network Change and Configuration Management	CSCuw84649	A patch is available for affected releases. 2.9.2 (30-Jan-2015)

  Products Confirmed Not Vulnerable

  Collaboration and Social Media
  

  • Cisco MeetingPlace
  • Cisco WebEx Meetings Server versions 1.x
  • Cisco WebEx Meetings Server versions 2.x

  
  Endpoint Clients and Client Software
  

  • Cisco Agent for OpenFlow
  • Cisco IP Communicator
  • Cisco Jabber Guest 10.0(2)
  • Cisco NAC Agent for Mac
  • Cisco NAC Agent for Web
  • Cisco UC Integration for Microsoft Lync
  • Cisco Unified Personal Communicator
  • Cisco WebEx Meetings for Android
  • Cisco WebEx Meetings for BlackBerry
  • Cisco WebEx Meetings for WP8
  • Cisco WebEx Productivity Tools
  • JCF components
  • WebEx Recording Playback Client

  
  Network Application, Service, and Acceleration
  

  • Cisco Adaptive Security Appliance (ASA) Software
  • Cisco Application and Content Networking System (ACNS)
  • Cisco Extensible Network Controller (XNC)
  • Cisco Nexus Data Broker (NDB)
  • Content Services Switch

  
  Network and Content Security Devices
  

  • Cisco Adaptive Security Device Manager
  • Cisco Clean Access Manager
  • Cisco Email Security Appliance (ESA)
  • Cisco FireSIGHT System Software
  • Cisco Firepower 9000 Cisco Integrated Management Controller (CIMC)
  • Cisco Ironport WSA
  • Cisco NAC Appliance (Clean Access Server)
  • Cisco NAC Guest Server
  • Cisco NAC Server
  • Cisco Security Management Appliance (SMA)

  
  Network Management and Provisioning
  

  • Cisco Access Registrar Appliance
  • Cisco Application Networking Manager
  • Cisco Connected Grid Device Manager
  • Cisco Connected Grid Network Management System
  • Cisco Insight Reporter
  • Cisco Linear Stream Manager
  • Cisco Multicast Manager
  • Cisco Network Collector
  • Cisco Prime Access Registrar Appliance
  • Cisco Prime Access Registrar
  • Cisco Prime Analytics
  • Cisco Prime Cable Provisioning
  • Cisco Prime Central for SPs
  • Cisco Prime Collaboration Assurance
  • Cisco Prime Collaboration Provisioning
  • Cisco Prime Home
  • Cisco Prime IP Express
  • Cisco Prime Infrastructure
  • Cisco Prime LAN Management Solution (LMS - Solaris)
  • Cisco Prime Network Registrar (CPNR) virtual appliance
  • Cisco Prime Network Registrar IP Address Manager (IPAM)
  • Cisco Prime Network Services Controller
  • Cisco Prime Network
  • Cisco Prime Optical for SPs
  • Cisco Prime Performance Manager
  • Cisco Prime Provisioning for SPs
  • Cisco Security Manager
  • Cisco Unified Provisioning Manager (CUPM)
  • CiscoWorks Network Compliance Manager
  • Local Collector Appliance (LCA)
  • Unified Communications Deployment Tools

  
  Routing and Switching - Enterprise and Service Provider
  

  • CRS-CGSE-PLIM
  • CRS-CGSE-PLUS
  • Cisco ASR 9000 Series Integrated Service Module
  • Cisco Broadband Access Center Telco Wireless
  • Cisco IOS XR Software
  • Cisco Metro Ethernet 1200 Series Access Devices
  • Cisco Mobile Wireless Transport Manager
  • Cisco Nexus 4000 Series
  • Cisco ONS 15454 Series Multiservice Provisioning Platforms
  • Cisco OnePK All-in-One VM
  • Cisco Service Control Application for Broadband
  • Cisco Service Control Collection Manager
  • Cisco Service Control Operating System
  • Cisco Service Control Subscriber Manager
  • Cisco VPN Acceleration Engine
  • IOS-XR for Cisco Network Convergence System (NCS) 6000

  
  Routing and Switching - Small Business
  

  • Cisco Small Business AP500 Series Wireless Access Points
  • Cisco Small Business RV 120W Wireless-N VPN Firewall
  • Cisco Small Business RV Series Routers 0xxv3
  • Cisco Small Business RV Series Routers RV110W
  • Cisco Small Business RV Series Routers RV130x
  • Cisco Small Business RV Series Routers RV215W
  • Cisco Small Business RV Series Routers RV220W
  • Cisco Small Business RV Series Routers RV315W
  • Cisco Small Business RV Series Routers RV320
  • Cisco Sx220 switches
  • Cisco Sx300 switches
  • Cisco Sx500 switches

  
  Unified Computing
  

  • Cisco UCS ADA
  • Cisco UCS Manager
  • Cisco Unified Computing System B-Series (Blade) Servers
  • UCS IO Modules

  
  Voice and Unified Communications Devices
  

  • Cisco 190 ATA Series Analog Terminal Adaptor
  • Cisco 7937 IP Phone
  • Cisco 8800 Series IP Phones - VPN Feature
  • Cisco ATA 187 Analog Telephone Adaptor
  • Cisco Agent Desktop
  • Cisco Broadband Access Center for Cable Tools Suite 4.1
  • Cisco Broadband Access Center for Cable Tools Suite 4.2
  • Cisco Computer Telephony Integration Object Server (CTIOS)
  • Cisco DX Series IP Phones
  • Cisco IP Interoperability and Collaboration System (IPICS)
  • Cisco Packaged Contact Center Enterprise
  • Cisco Paging Server (Informacast)
  • Cisco Paging Server
  • Cisco Prime Cable Provisioning Tools Suite 5.0
  • Cisco Prime Cable Provisioning Tools Suite 5.1
  • Cisco Remote Silent Monitoring
  • Cisco SPA112 2-Port Phone Adapter
  • Cisco SPA122 ATA with Router
  • Cisco SPA232D Multi-Line DECT ATA
  • Cisco SPA30X Series IP Phones
  • Cisco SPA50X Series IP Phones
  • Cisco SPA51X Series IP Phones
  • Cisco SPA525G
  • Cisco SPA8000 8-port IP Telephony Gateway
  • Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
  • Cisco TAPI Service Provider (TSP)
  • Cisco Unified 3900 series IP Phones
  • Cisco Unified 6911 IP Phones
  • Cisco Unified 6921 IP Phones
  • Cisco Unified 6945 IP Phones
  • Cisco Unified 7800 Series IP Phones
  • Cisco Unified 8831 series IP Conference Phone
  • Cisco Unified 8961 IP Phone
  • Cisco Unified 9951 IP Phone
  • Cisco Unified 9971 IP Phone
  • Cisco Unified Attendant Console Advanced
  • Cisco Unified Attendant Console Business Edition
  • Cisco Unified Attendant Console Department Edition
  • Cisco Unified Attendant Console Enterprise Edition
  • Cisco Unified Attendant Console Premium Edition
  • Cisco Unified Attendant Console Standard
  • Cisco Unified Client Services Framework
  • Cisco Unified Communications Domain Manager
  • Cisco Unified Contact Center Enterprise
  • Cisco Unified E-Mail Interaction Manager
  • Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
  • Cisco Unified IP Phone 7900 Series
  • Cisco Unified IP Phone 8941 and 8945 (SIP)
  • Cisco Unified Integration for IBM Sametime
  • Cisco Unified Intelligent Contact Management Enterprise
  • Cisco Unified Operations Manager (CUOM)
  • Cisco Unified Web Interaction Manager
  • Cisco Unified Wireless IP Phone
  • Cisco Unified Workforce Optimization
  • Cisco Virtualization Experience Media Engine for Windows
  • Cisco Voice Portal (CVP)
  • xony VIM/CCDM/CCMP

  
  Video, Streaming, TelePresence, and Transcoding Devices
  

  • Cisco AnyRes Live (CAL)
  • Cisco AnyRes VOD (CAL)
  • Cisco Command 2000 Server (cmd2k) (RH Based)
  • Cisco D9824 Advanced Multi Decryption Receiver
  • Cisco D9854/D9854-I Advanced Program Receiver
  • Cisco D9858 Advanced Receiver Transcoder
  • Cisco D9859 Advanced Receiver Transcoder
  • Cisco D9865 Satellite Receiver
  • Cisco Digital Media Manager (DMM)
  • Cisco Digital Media Manager
  • Cisco Digital Media Players (DMP) 4300 Series
  • Cisco Digital Media Players (DMP) 4400 Series
  • Cisco Media Services Interface
  • Cisco Model D9485 DAVIC QPSK
  • Cisco Powerkey CAS Gateway (PCG)
  • Cisco Powerkey Encryption Server (PKES)
  • Cisco Show and Share
  • Cisco TelePresence Advanced Media Gateway Series
  • Cisco TelePresence Content Server (TCS)
  • Cisco TelePresence Exchange System (CTX)
  • Cisco TelePresence ISDN GW 3241
  • Cisco TelePresence ISDN GW MSE 8321
  • Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300)
  • Cisco TelePresence Management Suite (TMS)
  • Cisco TelePresence Management Suite Analytics Extension (TMSAE)
  • Cisco TelePresence Management Suite Extension (TMSXE)
  • Cisco TelePresence Management Suite Extension for IBM
  • Cisco TelePresence Management Suite Provisioning Extension
  • Cisco TelePresence Serial Gateway Series
  • Cisco TelePresence Server 8710, 7010
  • Cisco TelePresence Server on Multiparty Media 310, 320
  • Cisco TelePresence Server on Virtual Machine
  • Cisco TelePresence Supervisor MSE 8050
  • Cisco Transaction Encryption Device (TED)
  • Cisco VEN501 Wireless Access Point
  • Cisco Video Surveillance 3000 Series IP Cameras
  • Cisco Video Surveillance 4000 Series High-Definition IP Cameras
  • Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
  • Cisco Video Surveillance 6000 Series IP Cameras
  • Cisco Video Surveillance 7000 Series IP Cameras
  • Cisco Video Surveillance PTZ IP Cameras
  • Cisco Videoscape Conductor
  • Cisco Virtual PGW 2200 Softswitch
  • Tandberg Codian ISDN GW 3210/3220/3240
  • Tandberg Codian MSE 8320 model

  
  Wireless
  

  • Cisco 3G Femtocell Wireless
  • Cisco IOS Access Points
  • Cisco RF Gateway 1 (RFGW-1)
  • Cisco Wireless Control System (WCS)
  • Cisco Wireless LAN Controller (WLC)
  • Cisco Wireless Security Gateway Application (WSG)

  
  Cisco Hosted Services
  

  • Cisco Cloud Email Security
  • Cisco Cloud and Systems Management
  • Cisco Partner Supporting Service
  • Cisco Registered Envelope Service (CRES)
  • Cisco Smart Care
  • Cisco SmartConnection
  • Cisco SmartReports
  • Cisco Unified Services Delivery Platform (CUSDP)
  • Cisco WebEx Meeting Center
  • Cisco WebEx Node
  • Cisco WebEx11 Application Server
  • Communication/Collaboration Sizing Tool, Virtue Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment
  • DCAF UCS Collector
  • Life Cycle Management Agent Manager (LCM)
  • MACD Process Controller (MPC)
  • Network Device Security Assessment
  • Partner Supporting Service (PSS) 1.x
  • Partner Supporting Service (PSS) 2.x
  • Sentinel
  • Serial Number Assessment Service (SNAS)
  • Small Cell factory recovery root filesystem V2.99.4 or later
  • Smart Net Total Care (SNTC)
  • WebEx PCNow
  • WebEx QuickBooks

  
  

Workarounds

• Mitigations that apply to the NAK-to-the-Future vulnerability involve preventing the device from processing NTP queries from untrusted hosts. In products that allow editing the ntp.conf file, this is accomplished by the notrust directive and configuring peer authentication. Other products may support ntp access-group commands that can be used to filter NTP queries to trusted hosts only. Potential workarounds for each affected Cisco product are referenced in the Cisco Bug ID workarounds section.
  

Fixed Software

• When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
  
  In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
  

Source

• These vulnerabilities were discovered by researchers from Boston University, Cisco Systems Inc., RedHat, Tenable Networks, and IDA.org.
  

URL

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

Revision History

• Version	Description	Section	Status	Date
  2.8	Updated the Affected Products section.	Affected Products	Final	2016-January-27
  2.7	Updated information about first fixed releases.	Affected Products	Interim	2016-January-06
  2.6	Added link to Cisco IOS Software Checker. Moved the following products from Affected to Not Affected based on further evaluation: Cisco WebEx11 Application Server, Cisco Powerkey Encryption Server (PKES) and Cisco Transaction Encryption Device (TED).	Affected Products	Interim	2015-December-24
  2.5	Updated available fixed software releases. Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-December-18
  2.4	Moved Cisco IOS-XR for Cisco Network Convergence System (NCS) 6000 to the Products Confirmed Not Vulnerable section and changed the name to "Cisco IOS-XR and sysadmin for Cisco Network Convergence System (NCS) 6000."	Affected Products	Interim	2015-December-08
  2.3	Removed duplicate entry of "Cisco Virtual Topology System (formerly Virtual Systems Operations Center)."	Affected Products	Interim	2015-December-07
  2.2	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-December-02
  2.1	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections. Cisco IOS Affected versions and first fixed versions added to Cisco IOS Software Checker.	Affected Products	Interim	2015-November-24
  2.0	Moved Cisco IOS Software and Cisco IOS XE Software to the Affected Products section due to Kiss of Death (KoD) issues. Moved Cisco IOS XR Software from the Affected Products section to the Products Confirmed Not Vulnerable section after further investigation.	Affected Products	Interim	2015-November-16
  1.10	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-November-13
  1.9	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-November-09
  1.8	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-November-02
  1.7	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-October-30
  1.6	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-October-29
  1.5	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-October-28
  1.4	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-October-27
  1.3	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-October-26
  1.2	Moved products from Affected Products: Products Under Investigation to Affected Products: Vulnerable Products, and Affected Products: Products Confirmed Not Vulnerable sections.	Affected Products	Interim	2015-October-23
  1.1	Added products under investigation, known affected, and known not affected.	Affected products	Interim	2015-October-22
  1.0	Initial public release.	-	Interim	2015-October-21

  Show Complete History...