NTP Vulnerability - Cisco Systems

This script is (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch

Description :

Network Time Protocol (NTP) is used to synchronize time on multiple
devices. A vulnerability has been discovered in the NTP daemon query
processing functionality. This vulnerability has been publicly
announced.

Other Cisco software applications may run on Solaris platforms and
where those products have not specifically been identified, customers
should install security patches regularly in accordance with their
normal maintenance procedures.
Cisco is continuing to research this issue in other products that may
be affected. Unless explicitly stated otherwise, all other products are
considered to be unaffected.
There are workarounds available to mitigate the effects.

See also :

http://www.nessus.org/u?b4069e30
http://www.nessus.org/u?475312f5
http://www.nessus.org/u?a36247d0

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20020508-ntp-vulnerability.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 48965 (cisco-sa-20020508-ntp-vulnerabilityhttp.nasl)

Bugtraq ID: 2540

CVE ID: CVE-2001-0414

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now