Cisco Bug: CSCum52148 - Distributed reflective denial-of-service vulnerability on NTP server

Last Modified

Nov 11, 2020

Products (2)

  • CiscoPro Workgroup EtherSwitch Software
  • CiscoPro Workgroup EtherSwitch Software

Known Affected Releases

6.0(2), 6.2(9a), 7.2(1)ZN(0.30)

Description (partial)

Symptom:
A vulnerability in the Network Time Protocol (NTP) package of Cisco NX-OS Software and Cisco Multilayer Director Switch (MDS) could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on an affected device.

The vulnerability is due to the processing of MODE_PRIVATE (Mode 7) NTP control messages, which have a large amplification vector. An attacker could exploit this vulnerability by sending Mode 7 control requests to NTP servers and observing responses amplified up to 5500 times in size. An exploit could allow the attacker to cause a Denial of Service (DoS) condition in which the affected NTP server is forced to process and respond with large response data.

Conditions:
This is a day 1 issue: all versions of NX-OS and MDS with support for NTP are vulnerable.

Fixed Software:

This bug applies to the Cisco Nexus 7000 (N7K), Cisco Nexus 6000 (N6K), Cisco Nexus 5000 (N5K) and Cisco Multilayer Director Switch (MDS); the fix is currently targeted for a release towards the end of CY2015.

Cisco NX-OS Software and Cisco MDS switches are vulnerable to attacks utilizing Mode 7 NTP requests. Mode 7 requests can have an amplification vector of up to 5500.

To see whether a device is configured with NTP, log in to the device and issue the CLI command "show running-config | include ntp". If the output returns any of the following commands, the device is vulnerable:

        ntp master
        ntp peer
        ntp server
        ntp broadcast client
        ntp multicast client

For a Cisco MDS switch, to confirm that the NTP feature is disabled:

        # show running-config | include "no feature ntp"
        no feature ntp

Information about Cisco NX-OS and MDS Software release naming conventions is available in "White Paper: Cisco IOS and NX-OS Software Reference Guide" at the following link:
http://www.cisco.com/web/about/security/intelligence/ios-ref.html

Related Community Discussions

Nexus series: logs are output indicating that NTP Control Mode packets or NTP Private Mode packets were dropped
April 20, 2018 (first edition) TAC SR Collection. Main problem: after upgrading NX-OS, the following logs, indicating that NTP Control Mode (mode 6) packets or NTP Private Mode (mode 7) packets were dropped, may be output.
%DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP control mode packet. Drop count: XX - ntpd[XXXX]
%DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP private mode packet. Drop count: XX - ntpd[XXXX]
Cause: these logs are output as a result of the fix for CSCum52148, which addresses the NTP vulnerability CVE-2013-5211. NX-OS in which CSCum52148 has been fixed ...
Latest activity: Apr 19, 2018
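An added example, not part of the bug page or any Cisco tooling, that applies the two checks offline: it flags the vulnerable NTP commands listed in the bug description in captured "show running-config | include ntp" output (treating "no feature ntp" as disabled) and tallies the mode 6/7 drop messages quoted in the community thread, which a fixed release logs when such packets arrive. The sample configuration and syslog lines are constructed, not taken from a real device.

```python
import re

# NTP commands that, per the bug description, mark an NX-OS/MDS device as
# vulnerable when they appear in "show running-config | include ntp".
VULNERABLE_NTP_COMMANDS = ("ntp master", "ntp peer", "ntp server",
                           "ntp broadcast client", "ntp multicast client")

# Matches the drop messages quoted in the community thread (XX placeholders
# become captured numbers). "control" is NTP mode 6, "private" is mode 7.
DROP_LOG_RE = re.compile(
    r"%DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: Received NTP "
    r"(?P<mode>control|private) mode packet\. Drop count: (?P<count>\d+)")


def find_vulnerable_ntp_lines(running_config: str) -> list:
    """Config lines matching the advisory's vulnerable-command list. Lines
    starting with 'no ' ('no feature ntp' on MDS) are skipped, so a switch
    with NTP disabled yields an empty list."""
    hits = []
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line.startswith("no "):
            continue
        if any(line == c or line.startswith(c + " ") for c in VULNERABLE_NTP_COMMANDS):
            hits.append(line)
    return hits


def summarize_ntp_drops(syslog: str) -> dict:
    """Highest 'Drop count' reported per NTP mode. A 'private' entry means
    Mode 7 requests reached the device and were discarded by a fixed image."""
    totals = {}
    for m in DROP_LOG_RE.finditer(syslog):
        mode, count = m.group("mode"), int(m.group("count"))
        totals[mode] = max(totals.get(mode, 0), count)
    return totals


# Constructed sample inputs (not captured from a real device).
SAMPLE_CONFIG = "feature ntp\nntp server 192.0.2.10 use-vrf management\nntp source-interface mgmt0\nntp master 8\n"
SAMPLE_MDS_CONFIG = "no feature ntp\n"
SAMPLE_SYSLOG = (
    "sw1 %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: "
    "Received NTP control mode packet. Drop count: 12 - ntpd[4321]\n"
    "sw1 %DAEMON-3-SYSTEM_MSG: NTP Receive dropping message: "
    "Received NTP private mode packet. Drop count: 31 - ntpd[4321]\n")

if __name__ == "__main__":
    print(find_vulnerable_ntp_lines(SAMPLE_CONFIG))    # ['ntp server 192.0.2.10 use-vrf management', 'ntp master 8']
    print(find_vulnerable_ntp_lines(SAMPLE_MDS_CONFIG))  # []
    print(summarize_ntp_drops(SAMPLE_SYSLOG))            # {'control': 12, 'private': 31}
```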