Cisco NTP ntpd readvar Variable Remote Overflow (CSCdt93866)

critical Nessus Plugin ID 10982


The remote device is missing a vendor-supplied security patch


By sending a crafted NTP control packet, it is possible to trigger a buffer overflow in the NTP daemon. This vulnerability can be exploited remotely. The successful exploitation may cause arbitrary code to be executed on the target machine.

This vulnerability is documented as Cisco Bug ID CSCdt93866.

An attacker may use this flaw to execute arbitrary code on the remote host (although it's not believed to be doable)


Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20020508-ntp-vulnerability.

See Also

Plugin Details

Severity: Critical

ID: 10982

File Name: CSCdt93866.nasl

Version: 1.24

Type: local

Family: CISCO

Published: 6/5/2002

Updated: 3/27/2020

Supported Sensors: Nessus

Risk Information


Risk Factor: High

Score: 7.4


Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: SNMP/community, SNMP/sysDesc, CISCO/model

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/4/2001

Exploitable With

Metasploit (NTP Daemon readvar Buffer Overflow)

Reference Information

CVE: CVE-2001-0414

BID: 2540