Cisco Bug: CSCus26891 - December 2014 - NTPd.org Vulnerabilities
Jan 29, 2017
- Cisco IPICS Server Software
Known Affected Releases
Symptom: Symptoms: Cisco IP Interoperability and Collaboration System (IPICS) includes a version of NTPd that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295 and CVE-2014-9296 This product only allows processing of NTP control messages locally. Please consult http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141222-ntpd for further information. Conditions: Affects IPICS 4.0(1), 4.0(2), 4.5(1), 4.5(2), 4.6(1), 4.7(1), 4.8(1), 4.8(2) NTP is required by IPICS if you use the High Availability (HA) feature. We are working on an OS patch called "ipics-os-security_patch-8.0-0_el5.bin" that will fix this, as well as other recent vulnerabilities. We expect it to be available on CCO by Feb 15, 2015. Customers running IPICS 4.0(x) or earlier will need to upgrade IPICS to a newer release.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases