Cisco Bug: CSCun84924 - SocialMiner Distributed denial-of-service vulnerability on NTP server
Last Modified
Jan 15, 2020
Products (1)
- Cisco SocialMiner
Known Affected Releases
10.0(1)
Description (partial)
Symptom: A vulnerability in Network Time Protocol (NTP) package of Cisco SocialMiner Software could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on an affected device. The vulnerability is due to processing of MODE_PRIVATE (Mode 7) NTP control messages which have a large amplification vector. An attacker could exploit this vulnerability by sending Mode 7 control requests to NTP servers and observing responses amplified up to 5500 times in size. An exploit could allow the attacker to cause a Denial of Service (DoS) condition where the affected NTP server is forced to process and respond with large response data. Conditions: All releases
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Status
- Severity
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases