Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to bypass authentication controls or to create a denial of service (DoS) condition. On April 7, 2015, NTP.org and US-CERT released a security advisory dealing with two issues regarding bypass of authentication controls. These vulnerabilities are referenced in this document as follows: - CVE-2015-1798: NTP Authentication bypass vulnerability - CVE-2015-1799: NTP Authentication doesn't protect symmetric associations against DoS attacks Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
See the referenced vendor advisory for a solution.