Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time.

The vulnerabilities covered in this document are as follows:

- CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability
- CVE-2015-7974: Network Time Protocol Missing Trusted Key Check
- CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check
- CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames
- CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Dereference Denial of Service Vulnerability
- CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service
- CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service
- CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
- CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp
- CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack
- CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop

Additional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: Security Notice

Cisco has released software updates that address these vulnerabilities. Workarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

Product | Defect | Fixed releases availability |
---|---|---|
Collaboration and Social Media | ||
Cisco Jabber Guest 10.0(2) | CSCux95226 | 10.6.11 (30-May-2016) |
Cisco WebEx Node for MCS | CSCux95087 | 2.10 (Available) |
Network Application, Service, and Acceleration | ||
Cisco Application Control Engine (ACE30/ ACE 4710) | CSCux95091 | |
Cisco Visual Quality Experience Server | CSCux95155 | |
Cisco Visual Quality Experience Tools Server | CSCux95155 | |
Cisco Wide Area Application Services (WAAS) | CSCux95173 | 6.2.1 (July 2016) |
Network and Content Security Devices | ||
Cisco ASA CX and Cisco Prime Security Manager | CSCux95174 | 9.3.4.5 (30-May-2016) |
Cisco Clean Access Manager | CSCux95160 | No fixed releases planned. |
Cisco FireSIGHT System Software | CSCux95085 | 6.1 (June 2016) |
Cisco Identity Services Engine (ISE) | CSCux95181 | 2.0.1 (15-Feb-2016) |
Cisco Intrusion Prevention System Solutions (IPS) | CSCux95190 | 7.1(11) Patch 1 (31-Mar-2016) 7.3(05) Patch 1 (30-Apr-2016) |
Cisco NAC Guest Server | CSCux95162 | No fixed releases planned. |
Cisco NAC Server | CSCux95161 | No fixed releases planned. |
Cisco Physical Access Control Gateway | CSCux95177 | |
Cisco Physical Access Manager | CSCux95178 | |
Cisco Secure Access Control Server (ACS) | CSCux95189 | 5.8 patch 2 (June 2016) |
Cisco Virtual Security Gateway for Microsoft Hyper-V | CSCux95106 | 7.7 (July 2016) |
Network Management and Provisioning | ||
Cisco Network Analysis Module | CSCuy07031 | 6.3.1 (31-Apr-2016) |
Cisco Policy Suite (CPS) | CSCuy20663 | 9.1.0 (30-Apr-2016) |
Cisco Prime Collaboration Assurance | CSCux95122 | 11.1 (19-Feb-2016) |
Cisco Prime Data Center Network Manager (.ova and .iso installers) | CSCux95095 | 7.2(3) (9-Feb-2016) |
Cisco Prime Data Center Network Manager (.ova and .iso installers) | CSCux95096 | 7.2(3) (9-Feb-2016) |
Cisco Prime Infrastructure Standalone Plug and Play Gateway | CSCux95118 | 2.2(16) (5-Feb-2016) |
Cisco Prime LAN Management Solution (LMS - Solaris) | CSCux95113 | |
Cisco Prime License Manager | CSCux95140 | 11.5.1 (June 2016) |
Cisco Prime Service Catalog Virtual Appliance | CSCux95146 | Update via admin shell. |
Cisco UCS Central | CSCux95108 | 1.4(1b) (July 2016) |
Cisco Virtual Topology System (formerly Virtual Systems Operations Center) | CSCux95125 | 2.2 (31-Mar-2016) |
Unified Communications Deployment Tools | CSCux95082 | 11.0 (15-Jun-2016) |
Routing and Switching - Enterprise and Service Provider | ||
Cisco 910 Industrial Router | CSCux95192 | A patch file will be available for affected releases (12-Feb-2016). |
Cisco Application Policy Infrastructure Controller (APIC) | CSCux95097 | 2.0(1) (30-Jun-2016) |
Cisco Connected Grid Router | CSCux95157 | 15.6(3)M (Available) |
Cisco IOS XR Software | CSCux95126 | |
Cisco IOS and Cisco IOS XE Software | CSCux99025 | |
Cisco MDS 9000 Series Multilayer Switches | CSCux95100 | 7.3 (29-Feb-2016) |
Cisco MDS 9000 Series Multilayer Switches | CSCux95101 | 7.3 (29-Feb-2016) |
Cisco Nexus 1000V Series Switches | CSCux95103 | |
Cisco Nexus 3000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
Cisco Nexus 3000 Series Switches | CSCux95102 | 7.3 (29-Feb-2016) |
Cisco Nexus 3500 Series Switches | CSCux95105 | 7.3 (29-Feb-2016) |
Cisco Nexus 5000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
Cisco Nexus 6000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
Cisco Nexus 7000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
Cisco Nexus 9000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
Cisco Nexus 9000 Series Switches | CSCux95102 | 7.3 (29-Feb-2016) |
Cisco Service Control Operating System | CSCux95215 | Fixed release pending OS vendor update. |
IOS-XR for Cisco Network Convergence System (NCS) 6000 | CSCux90105 | |
Unified Computing | ||
Cisco Common Services Platform Collector | CSCux95077 | 1.9 (15-Feb-2016) |
Cisco Standalone rack server CIMC | CSCux95110 | 2.0(11) (July 2016) |
Cisco UCS Director | CSCux95093 | 5.5 (30-Apr-2016) |
Cisco UCS Invicta Series | CSCux95098 | 5.0.1.2d (31-Mar-2016) 5.0.1.3c (31-Apr-2016) |
Cisco UCS Manager | CSCux95107 | 3.1.2 (22-Jun-2016) |
Cisco Unified Computing System E-Series Blade Server | CSCux95074 | 4.0.1 (July 2016) |
Voice and Unified Communications Devices | ||
Cisco 3G Femtocell Wireless | CSCux95197 | SR10MR (29-Jul-2016) |
Cisco Emergency Responder | CSCux95222 | No fixed releases planned. |
Cisco Finesse | CSCux95221 | |
Cisco Hosted Collaboration Mediation Fulfillment | CSCux95224 | 11.5.0.98000-33 (23-Feb-2016) |
Cisco IM and Presence Service (CUPS) | CSCux95223 | |
Cisco IP Interoperability and Collaboration System (IPICS) | CSCux95148 | 4.10(2) (31-Mar-2015) |
Cisco Management Heartbeat Server | CSCux95200 | RMS5.x MR (29-Jul-2016) |
Cisco MediaSense | CSCux95229 | No fixed releases planned. |
Cisco Quantum Virtualized Packet Core | CSCux95076 | 20.2 (May 2016) |
Cisco Unified Communications Manager (UCM) | CSCux95217 | No fixed release planned. |
Cisco Unified Communications Manager Session Management Edition (SME) | CSCux95217 | No fixed release planned. |
Cisco Unified Sip Proxy | CSCux95075 | 10.0 (September 2016) |
Cisco Unity Connection (UC) | CSCux95218 | |
Video, Streaming, TelePresence, and Transcoding Devices | ||
Cisco DCM Series 9900-Digital Content Manager | CSCux95111 | 18.0 (31-Mar-2016) |
Cisco Digital Media Manager (DMM) | CSCux95141 | No fixes planned. |
Cisco Digital Media Manager | CSCux95133 | 5.3.6 (7-Mar-2016) 5.3.6(RB1) (7-Mar-2016) 5.3.6(RB2) (7-Mar-2016) 5.4.0 (7-Mar-2016) 5.4.1 (7-Mar-2016) 5.4.1(RB1) (7-Mar-2016) 5.4.1(RB2) (7-Mar-2016) |
Cisco Edge 300 Digital Media Player | CSCux95193 | 1.6RB4_4 (25-Feb-2016) |
Cisco Edge 340 Digital Media Player | CSCux95195 | 0.18RC (21-Mar-2016) |
Cisco Enterprise Content Delivery System (ECDS) | CSCux95135 | 2.6.7 (30-Apr-2016) |
Cisco Expressway Series | CSCux95145 | 8.7.1 (22-Feb-2016) |
Cisco International Digital Network Control System (iDNCS) | CSCux95204 | |
Cisco Media Experience Engines (MXE) | CSCux95139 | A patch file is available for affected releases. |
Cisco TelePresence 1310 | CSCux95216 | |
Cisco TelePresence Conductor | CSCux95130 | XC4.2 (30-Mar-2016) |
Cisco TelePresence EX Series | CSCux95143 | 7.3.6 (31-Mar-2016) 8.1 (31-Mar-2016) |
Cisco TelePresence ISDN Link | CSCux95136 | 1.1.6 (31-Mar-2016) |
Cisco TelePresence MX Series | CSCux95143 | 7.3.6 (31-Mar-2016) 8.1 (31-Mar-2016) |
Cisco TelePresence Profile Series | CSCux95143 | 7.3.6 (31-Mar-2016) 8.1 (31-Mar-2016) |
Cisco TelePresence SX Series | CSCux95143 | 7.3.6 (31-Mar-2016) 8.1 (31-Mar-2016) |
Cisco TelePresence System 1000 | CSCux95216 | |
Cisco TelePresence System 1100 | CSCux95216 | |
Cisco TelePresence System 1300 | CSCux95216 | |
Cisco TelePresence System 3000 Series | CSCux95216 | |
Cisco TelePresence System 500-32 | CSCux95216 | |
Cisco TelePresence System 500-37 | CSCux95216 | |
Cisco TelePresence TX 9000 Series | CSCux95216 | |
Cisco TelePresence Video Communication Server (VCS) | CSCux95145 | 8.7.1 (22-Feb-2016) |
Cisco Telepresence Integrator C Series | CSCux95143 | 7.3.6 (31-Mar-2016) 8.1 (31-Mar-2016) |
Cisco Video Delivery System Recorder | CSCux95153 | A patch file will be available for affected releases on 30-Apr-2016. |
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCux95154 | 4.3(1) (26-Feb-2016) |
Cisco Video Surveillance Media Server | CSCux95180 | 7.7 (July 2016) |
Cisco Videoscape Policy and Resource Management | CSCux95205 | Affected systems have been patched. |
Cloud Object Store (COS) | CSCux95152 | 3.8 (9-Apr-2016) |
Wireless | ||
Cisco Small Business 121 Series Wireless Access Points | CSCux95186 | 1.0.7.1 (14-Oct-2016) |
Cisco Small Business 321 Series Wireless Access Points | CSCux95186 | 1.0.7.1 (14-Oct-2016) |
Cisco Small Business 500 Series Wireless Access Points | CSCux95184 | 1.2.2.1 (14-Oct-2016) |
Cisco WAP371 wireless access point | CSCux95182 | 1.2.2.1 (14-Oct-2016) |
Cisco Hosted Services | ||
Cisco Cloud Services | CSCux95129 | 1.6 (28-Feb-2016) |
Cisco Intelligent Automation for Cloud | CSCux95147 | No fixed releases planned. |
Cisco Universal Small Cell 5000 Series running V3.4.2.x software | CSCux95198 | |
Cisco Universal Small Cell 7000 Series running V3.4.2.x software | CSCux95198 | |
MACD Process Controller (MPC) | CSCux95078 | |
Network Change and Configuration Management | CSCux95080 | 2.10 (15-Mar-2016) 2.11 (15-Jul-2016) |
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.5 | Updated information about affected products. | Affected Products | Final | 2016-March-07 |
1.4 | Updated information about affected products. | Affected Products | Interim | 2016-March-02 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.