Guest

Preview Tool

Cisco Bug: CSCuw46401 - N9k NTP monlist vulnerability

Last Modified

Sep 24, 2018

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

7.0(3)I2(1.21)

Description (partial)

Symptom:
A vulnerability in Network Time Protocol (NTP) package of Cisco NX-OS Software and Cisco Multilayer Director Switch (MDS) could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on an affected device.

The vulnerability is due to processing of MODE_PRIVATE (Mode 7) NTP control messages which have a large amplification vector. An attacker could exploit this vulnerability by sending Mode 7 control requests to NTP servers and observing responses amplified up to 5500 times in size. An exploit could allow the attacker to cause a Denial of Service (DoS) condition where the affected NTP server is forced to process and respond with large response data.

Conditions:
This is a day 1 issue and all versions of NX-OS and MDS with support for NTP are vulnerable.

Cisco NX-OS Software and Cisco MDS switches are vulnerable to attacks utilizing Mode 7 NTP requests. Mode 7 requests can have amplification vector up to 5500.

To see if a device is configured with NTP, log into the device and issue the CLI command 
"show running-config | include ntp". If the output returns either of the following commands 
listed then the device is vulnerable:
    
        ntp master 
        ntp peer 
        ntp server 
        ntp broadcast client
        ntp multicast client
    
For a Cisco MDS switch to confirm the NTP feature is disabled:

        # show running-config | include "no feature ntp
        no feature ntp

Information about Cisco NX-OS and MDS Software release naming conventions is available in 
''White Paper: Cisco IOS and NX-OS Software Reference  Guide'' at the following link:  
http://www.cisco.com/web/about/security/intelligence/ios-ref.html
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.