Cisco Bug: CSCvi50061 - Evaluate NTP February 2018 Vulnerabilities.
Dec 13, 2018
- Cisco IOS
- Cisco Catalyst 3650-12X48UR-L Switch
- Cisco Catalyst 3850-24P-L Switch
- Cisco 812 CiFi Integrated Services Router
- Cisco Catalyst 3850-24U-L Switch
- Cisco Catalyst 3850-48XS-E Switch
- Cisco Catalyst 3850-16XS-S Switch
- Cisco Catalyst 3650-8X24UQ-E Switch
- Cisco VG204XM Analog Voice Gateway
- Cisco Catalyst 3850-24U-S Switch
Known Affected Releases
Symptom: This product includes a version of ntpd that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs: CVE-2016-1549, CVE-2018-7182 , CVE-2018-7170, CVE-2018-7184, CVE-2018-7185 This bug has been opened to address the potential impact on this product. Conditions: Device configured with NTP CVE-2018-7182 / VU#961909: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak This issue occurred due the fix of Bug 3008 / CVE-2016-2519 and cisco has own implementation for this API and wonât be impact on Cisco IOS/IOS-XE. CVE-2018-7184 / VU#961909: Interleaved symmetric mode cannot recover from bad state This issue is regression with fix CVE-2015-8138 & CVE-2016-7431 and We have already addressed the issue correctly using the bug id CSCvc23569 CVE-2018-7185 / VU#961909: Unauthenticated packet can reset authenticated interleaved association We have already addressed this issue with bug id CSCux99025 but it looks having the partial fix. CVE-2018-7183 / VU#961909: ntpq:decodearr() can write beyond its buffer limit ntpq is not supported for cisco IOS/IOS-XE CVE-2016-1549 / VU#961909: Sybil vulnerability: ephemeral association attack LOW: Sec 3415 / CVE-2018-7170 / VU#961909: Multiple authenticated ephemeral associations Both CVE-2016-1549 & CVE-2018-7170 are similar issues and pending impact on cisco IOS/IOS-XE.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases