Cisco Security Advisory
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: January 2016
AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:W/RC:C
-
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
On January 19, 2016, the NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client's time. The vulnerabilities covered in this document are as follows:
- CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability
- CVE-2015-7974: Network Time Protocol Missing Trusted Key Check
- CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check
- CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames
- CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Dereference Denial of Service Vulnerability
- CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service
- CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service
- CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
- CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp
- CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack
- CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop
Cisco has released software updates that address these vulnerabilities.
Workarounds that address some of these vulnerabilities may be available. Available workarounds will be documented in the corresponding Cisco bug for each affected product.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
-
Vulnerable Products
The following products are confirmed to be affected by one or more of the vulnerabilities disclosed as part of the January 19, 2016, NTP advisory.
| Product | Defect | Fixed releases availability |
|---|---|---|
| Collaboration and Social Media | | |
| Cisco Jabber Guest 10.0(2) | CSCux95226 | 10.6.11 (30-May-2016) |
| Cisco WebEx Node for MCS | CSCux95087 | 2.10 (Available) |
| Network Application, Service, and Acceleration | | |
| Cisco Application Control Engine (ACE30/ ACE 4710) | CSCux95091 | |
| Cisco Visual Quality Experience Server | CSCux95155 | |
| Cisco Visual Quality Experience Tools Server | CSCux95155 | |
| Cisco Wide Area Application Services (WAAS) | CSCux95173 | 6.2.1 (July 2016) |
| Network and Content Security Devices | | |
| Cisco ASA CX and Cisco Prime Security Manager | CSCux95174 | 9.3.4.5 (30-May-2016) |
| Cisco Clean Access Manager | CSCux95160 | No fixed releases planned. |
| Cisco FireSIGHT System Software | CSCux95085 | 6.1 (June 2016) |
| Cisco Identity Services Engine (ISE) | CSCux95181 | 2.0.1 (15-Feb-2016) |
| Cisco Intrusion Prevention System Solutions (IPS) | CSCux95190 | 7.1(11) Patch 1 (31-Mar-2016); 7.3(05) Patch 1 (30-Apr-2016) |
| Cisco NAC Guest Server | CSCux95162 | No fixed releases planned. |
| Cisco NAC Server | CSCux95161 | No fixed releases planned. |
| Cisco Physical Access Control Gateway | CSCux95177 | |
| Cisco Physical Access Manager | CSCux95178 | |
| Cisco Secure Access Control Server (ACS) | CSCux95189 | 5.8 patch 2 (June 2016) |
| Cisco Virtual Security Gateway for Microsoft Hyper-V | CSCux95106 | 7.7 (July 2016) |
| Network Management and Provisioning | | |
| Cisco Network Analysis Module | CSCuy07031 | 6.3.1 (31-Apr-2016) |
| Cisco Policy Suite (CPS) | CSCuy20663 | 9.1.0 (30-Apr-2016) |
| Cisco Prime Collaboration Assurance | CSCux95122 | 11.1 (19-Feb-2016) |
| Cisco Prime Data Center Network Manager (.ova and .iso installers) | CSCux95095 | 7.2(3) (9-Feb-2016) |
| Cisco Prime Data Center Network Manager (.ova and .iso installers) | CSCux95096 | 7.2(3) (9-Feb-2016) |
| Cisco Prime Infrastructure Standalone Plug and Play Gateway | CSCux95118 | 2.2(16) (5-Feb-2016) |
| Cisco Prime LAN Management Solution (LMS - Solaris) | CSCux95113 | |
| Cisco Prime License Manager | CSCux95140 | 11.5.1 (June 2016) |
| Cisco Prime Service Catalog Virtual Appliance | CSCux95146 | Update via admin shell. |
| Cisco UCS Central | CSCux95108 | 1.4(1b) (July 2016) |
| Cisco Virtual Topology System (formerly Virtual Systems Operations Center) | CSCux95125 | 2.2 (31-Mar-2016) |
| Unified Communications Deployment Tools | CSCux95082 | 11.0 (15-Jun-2016) |
| Routing and Switching - Enterprise and Service Provider | | |
| Cisco 910 Industrial Router | CSCux95192 | A patch file will be available for affected releases (12-Feb-2016). |
| Cisco Application Policy Infrastructure Controller (APIC) | CSCux95097 | 2.0(1) (30-Jun-2016) |
| Cisco Connected Grid Router | CSCux95157 | 15.6(3)M (Available) |
| Cisco IOS XR Software | CSCux95126 | |
| Cisco IOS and Cisco IOS XE Software | CSCux99025 | |
| Cisco MDS 9000 Series Multilayer Switches | CSCux95100 | 7.3 (29-Feb-2016) |
| Cisco MDS 9000 Series Multilayer Switches | CSCux95101 | 7.3 (29-Feb-2016) |
| Cisco Nexus 1000V Series Switches | CSCux95103 | |
| Cisco Nexus 3000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
| Cisco Nexus 3000 Series Switches | CSCux95102 | 7.3 (29-Feb-2016) |
| Cisco Nexus 3500 Series Switches | CSCux95105 | 7.3 (29-Feb-2016) |
| Cisco Nexus 5000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
| Cisco Nexus 6000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
| Cisco Nexus 7000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
| Cisco Nexus 9000 Series Switches | CSCux95101 | 7.3 (29-Feb-2016) |
| Cisco Nexus 9000 Series Switches | CSCux95102 | 7.3 (29-Feb-2016) |
| Cisco Service Control Operating System | CSCux95215 | Fixed release pending OS vendor update. |
| IOS-XR for Cisco Network Convergence System (NCS) 6000 | CSCux90105 | |
| Unified Computing | | |
| Cisco Common Services Platform Collector | CSCux95077 | 1.9 (15-Feb-2016) |
| Cisco Standalone rack server CIMC | CSCux95110 | 2.0(11) (July 2016) |
| Cisco UCS Director | CSCux95093 | 5.5 (30-Apr-2016) |
| Cisco UCS Invicta Series | CSCux95098 | 5.0.1.2d (31-Mar-2016); 5.0.1.3c (31-Apr-2016) |
| Cisco UCS Manager | CSCux95107 | 3.1.2 (22-Jun-2016) |
| Cisco Unified Computing System E-Series Blade Server | CSCux95074 | 4.0.1 (July 2016) |
| Voice and Unified Communications Devices | | |
| Cisco 3G Femtocell Wireless | CSCux95197 | SR10MR (29-Jul-2016) |
| Cisco Emergency Responder | CSCux95222 | No fixed releases planned. |
| Cisco Finesse | CSCux95221 | |
| Cisco Hosted Collaboration Mediation Fulfillment | CSCux95224 | 11.5.0.98000-33 (23-Feb-2016) |
| Cisco IM and Presence Service (CUPS) | CSCux95223 | |
| Cisco IP Interoperability and Collaboration System (IPICS) | CSCux95148 | 4.10(2) (31-Mar-2015) |
| Cisco Management Heartbeat Server | CSCux95200 | RMS5.x MR (29-Jul-2016) |
| Cisco MediaSense | CSCux95229 | No fixed releases planned. |
| Cisco Quantum Virtualized Packet Core | CSCux95076 | 20.2 (May 2016) |
| Cisco Unified Communications Manager (UCM) | CSCux95217 | No fixed release planned. |
| Cisco Unified Communications Manager Session Management Edition (SME) | CSCux95217 | No fixed release planned. |
| Cisco Unified Sip Proxy | CSCux95075 | 10.0 (September 2016) |
| Cisco Unity Connection (UC) | CSCux95218 | |
| Video, Streaming, TelePresence, and Transcoding Devices | | |
| Cisco DCM Series 9900-Digital Content Manager | CSCux95111 | 18.0 (31-Mar-2016) |
| Cisco Digital Media Manager (DMM) | CSCux95141 | No fixes planned. |
| Cisco Digital Media Manager | CSCux95133 | 5.3.6 (7-Mar-2016); 5.3.6(RB1) (7-Mar-2016); 5.3.6(RB2) (7-Mar-2016); 5.4.0 (7-Mar-2016); 5.4.1 (7-Mar-2016); 5.4.1(RB1) (7-Mar-2016); 5.4.1(RB2) (7-Mar-2016) |
| Cisco Edge 300 Digital Media Player | CSCux95193 | 1.6RB4_4 (25-Feb-2016) |
| Cisco Edge 340 Digital Media Player | CSCux95195 | 0.18RC (21-Mar-2016) |
| Cisco Enterprise Content Delivery System (ECDS) | CSCux95135 | 2.6.7 (30-Apr-2016) |
| Cisco Expressway Series | CSCux95145 | 8.7.1 (22-Feb-2016) |
| Cisco International Digital Network Control System (iDNCS) | CSCux95204 | |
| Cisco Media Experience Engines (MXE) | CSCux95139 | A patch file is available for affected releases. |
| Cisco TelePresence 1310 | CSCux95216 | |
| Cisco TelePresence Conductor | CSCux95130 | XC4.2 (30-Mar-2016) |
| Cisco TelePresence EX Series | CSCux95143 | 7.3.6 (31-Mar-2016); 8.1 (31-Mar-2016) |
| Cisco TelePresence ISDN Link | CSCux95136 | 1.1.6 (31-Mar-2016) |
| Cisco TelePresence MX Series | CSCux95143 | 7.3.6 (31-Mar-2016); 8.1 (31-Mar-2016) |
| Cisco TelePresence Profile Series | CSCux95143 | 7.3.6 (31-Mar-2016); 8.1 (31-Mar-2016) |
| Cisco TelePresence SX Series | CSCux95143 | 7.3.6 (31-Mar-2016); 8.1 (31-Mar-2016) |
| Cisco TelePresence System 1000 | CSCux95216 | |
| Cisco TelePresence System 1100 | CSCux95216 | |
| Cisco TelePresence System 1300 | CSCux95216 | |
| Cisco TelePresence System 3000 Series | CSCux95216 | |
| Cisco TelePresence System 500-32 | CSCux95216 | |
| Cisco TelePresence System 500-37 | CSCux95216 | |
| Cisco TelePresence TX 9000 Series | CSCux95216 | |
| Cisco TelePresence Video Communication Server (VCS) | CSCux95145 | 8.7.1 (22-Feb-2016) |
| Cisco Telepresence Integrator C Series | CSCux95143 | 7.3.6 (31-Mar-2016); 8.1 (31-Mar-2016) |
| Cisco Video Delivery System Recorder | CSCux95153 | A patch file will be available for affected releases on 30-Apr-2016. |
| Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCux95154 | 4.3(1) (26-Feb-2016) |
| Cisco Video Surveillance Media Server | CSCux95180 | 7.7 (July 2016) |
| Cisco Videoscape Policy and Resource Management | CSCux95205 | Affected systems have been patched. |
| Cloud Object Store (COS) | CSCux95152 | 3.8 (9-Apr-2016) |
| Wireless | | |
| Cisco Small Business 121 Series Wireless Access Points | CSCux95186 | 1.0.7.1 (14-Oct-2016) |
| Cisco Small Business 321 Series Wireless Access Points | CSCux95186 | 1.0.7.1 (14-Oct-2016) |
| Cisco Small Business 500 Series Wireless Access Points | CSCux95184 | 1.2.2.1 (14-Oct-2016) |
| Cisco WAP371 wireless access point | CSCux95182 | 1.2.2.1 (14-Oct-2016) |
| Cisco Hosted Services | | |
| Cisco Cloud Services | CSCux95129 | 1.6 (28-Feb-2016) |
| Cisco Intelligent Automation for Cloud | CSCux95147 | No fixed releases planned. |
| Cisco Universal Small Cell 5000 Series running V3.4.2.x software | CSCux95198 | |
| Cisco Universal Small Cell 7000 Series running V3.4.2.x software | CSCux95198 | |
| MACD Process Controller (MPC) | CSCux95078 | |
| Network Change and Configuration Management | CSCux95080 | 2.10 (15-Mar-2016); 2.11 (15-Jul-2016) |

Products Confirmed Not Vulnerable
Collaboration and Social Media
- Cisco MeetingPlace
- Cisco WebEx Meetings Server versions 1.x
- Cisco WebEx Meetings Server versions 2.x
Endpoint Clients and Client Software
- Cisco Agent for OpenFlow
- Cisco IP Communicator
- Cisco Jabber for Android
- Cisco Jabber for Mac
- Cisco Jabber for Windows
- Cisco Jabber for iOS
- Cisco NAC Agent for Mac
- Cisco NAC Agent for Web
- Cisco UC Integration for Microsoft Lync
- Cisco Virtualization Experience Media Engine
- Cisco WebEx Meetings for Android
- Cisco WebEx Meetings for BlackBerry
- Cisco WebEx Meetings for WP8
- Cisco WebEx Productivity Tools
- WebEx Recording Playback Client
Network Application, Service, and Acceleration
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Application and Content Networking System (ACNS)
- Cisco Extensible Network Controller (XNC)
- Cisco Firepower 9000 Security Module
- Cisco Nexus Data Broker (NDB)
- Content Services Switch
Network and Content Security Devices
- Cisco Adaptive Security Device Manager
- Cisco Email Security Appliance (ESA)
- Cisco Ironport WSA
- Cisco Security Management Appliance (SMA)
- Firepower 9000 Management Module
Network Management and Provisioning
- Cisco Access Registrar Appliance
- Cisco Application Networking Manager
- Cisco Connected Grid Device Manager
- Cisco Connected Grid Network Management System
- Cisco Insight Reporter
- Cisco Linear Stream Manager
- Cisco Multicast Manager
- Cisco Prime Access Registrar Appliance
- Cisco Prime Access Registrar
- Cisco Prime Analytics
- Cisco Prime Cable Provisioning
- Cisco Prime Central for SPs
- Cisco Prime Collaboration Provisioning
- Cisco Prime Home
- Cisco Prime IP Express
- Cisco Prime Infrastructure
- Cisco Prime Network Registrar (CPNR) virtual appliance
- Cisco Prime Network Registrar IP Address Manager (IPAM)
- Cisco Prime Network Services Controller
- Cisco Prime Network
- Cisco Prime Optical for SPs
- Cisco Prime Performance Manager
- Cisco Prime Provisioning for SPs
- Cisco Security Manager
- Cisco Unified Provisioning Manager (CUPM)
- CiscoWorks Network Compliance Manager
- Local Collector Appliance (LCA)
Routing and Switching - Enterprise and Service Provider
- CRS-CGSE-PLIM
- CRS-CGSE-PLUS
- Cisco ASR 9000 Series Integrated Service Module
- Cisco Broadband Access Center Telco Wireless
- Cisco Metro Ethernet 1200 Series Access Devices
- Cisco Nexus 4000 Series
- Cisco ONS 15454 Series Multiservice Provisioning Platforms
- Cisco OnePK All-in-One VM
- Cisco Service Control Application for Broadband
- Cisco Service Control Collection Manager
- Cisco Service Control Subscriber Manager
- Cisco VPN Acceleration Engine
Routing and Switching - Small Business
- Cisco Small Business AP500 Series Wireless Access Points
- Cisco Small Business RV 120W Wireless-N VPN Firewall
- Cisco Small Business RV Series Routers 0xxv3
- Cisco Small Business RV Series Routers RV110W
- Cisco Small Business RV Series Routers RV130x
- Cisco Small Business RV Series Routers RV215W
- Cisco Small Business RV Series Routers RV220W
- Cisco Small Business RV Series Routers RV315W
- Cisco Small Business RV Series Routers RV320
- Cisco Sx220 switches
- Cisco Sx300 switches
- Cisco Sx500 switches
Unified Computing
- Cisco UCS ADA
- Cisco Unified Computing System B-Series (Blade) Servers
- UCS IO Modules
Voice and Unified Communications Devices
- Cisco 190 ATA Series Analog Terminal Adaptor
- Cisco 7937 IP Phone
- Cisco 8800 Series IP Phones - VPN Feature
- Cisco ATA 187 Analog Telephone Adaptor
- Cisco Agent Desktop
- Cisco Broadband Access Center for Cable Tools Suite 4.1
- Cisco Broadband Access Center for Cable Tools Suite 4.2
- Cisco Computer Telephony Integration Object Server (CTIOS)
- Cisco DX Series IP Phones
- Cisco Desktop Collaboration Experience DX70 and DX80
- Cisco Packaged Contact Center Enterprise
- Cisco Paging Server (Informacast)
- Cisco Paging Server
- Cisco Prime Cable Provisioning Tools Suite 5.0
- Cisco Prime Cable Provisioning Tools Suite 5.1
- Cisco Remote Silent Monitoring
- Cisco SPA112 2-Port Phone Adapter
- Cisco SPA122 ATA with Router
- Cisco SPA232D Multi-Line DECT ATA
- Cisco SPA30X Series IP Phones
- Cisco SPA50X Series IP Phones
- Cisco SPA51X Series IP Phones
- Cisco SPA525G
- Cisco SPA8000 8-port IP Telephony Gateway
- Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
- Cisco TAPI Service Provider (TSP)
- Cisco Unified 3900 series IP Phones
- Cisco Unified 6901 IP Phones
- Cisco Unified 6945 IP Phones
- Cisco Unified 7800 Series IP Phones
- Cisco Unified 8831 series IP Conference Phone
- Cisco Unified 8961 IP Phone
- Cisco Unified 9951 IP Phone
- Cisco Unified 9971 IP Phone
- Cisco Unified Attendant Console Advanced
- Cisco Unified Attendant Console Business Edition
- Cisco Unified Attendant Console Department Edition
- Cisco Unified Attendant Console Enterprise Edition
- Cisco Unified Attendant Console Premium Edition
- Cisco Unified Attendant Console Standard
- Cisco Unified Client Services Framework
- Cisco Unified Communications Domain Manager
- Cisco Unified Contact Center Enterprise
- Cisco Unified E-Mail Interaction Manager
- Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
- Cisco Unified IP Phone 7900 Series
- Cisco Unified IP Phone 8941 and 8945 (SIP)
- Cisco Unified Intelligent Contact Management Enterprise
- Cisco Unified Operations Manager (CUOM)
- Cisco Unified Web Interaction Manager
- Cisco Unified Wireless IP Phone
- Cisco Unified Workforce Optimization
- Cisco Unity Express
- Cisco Virtualization Experience Media Engine for Windows
- Cisco Voice Portal (CVP)
- xony VIM/CCDM/CCMP
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco AnyRes Live (CAL)
- Cisco AnyRes VOD (CAL)
- Cisco D9824 Advanced Multi Decryption Receiver
- Cisco D9854/D9854-I Advanced Program Receiver
- Cisco D9858 Advanced Receiver Transcoder
- Cisco D9859 Advanced Receiver Transcoder
- Cisco D9865 Satellite Receiver
- Cisco DNCS Application Server (AppServer)
- Cisco Digital Media Players (DMP) 4300 Series
- Cisco Digital Media Players (DMP) 4400 Series
- Cisco Digital Transport Adapter Control System (DTACS)
- Cisco Media Services Interface
- Cisco Model D9485 DAVIC QPSK
- Cisco Powerkey CAS Gateway (PCG)
- Cisco Show and Share
- Cisco TelePresence Content Server (TCS)
- Cisco TelePresence Exchange System (CTX)
- Cisco TelePresence ISDN GW 3241
- Cisco TelePresence ISDN GW MSE 8321
- Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300)
- Cisco TelePresence Management Suite (TMS)
- Cisco TelePresence Management Suite Analytics Extension (TMSAE)
- Cisco TelePresence Management Suite Extension (TMSXE)
- Cisco TelePresence Management Suite Extension for IBM
- Cisco TelePresence Management Suite Provisioning Extension
- Cisco TelePresence Serial Gateway Series
- Cisco TelePresence Server 8710, 7010
- Cisco TelePresence Server on Multiparty Media 310, 320
- Cisco TelePresence Server on Virtual Machine
- Cisco TelePresence Supervisor MSE 8050
- Cisco Transaction Encryption Device (TED)
- Cisco VEN501 Wireless Access Point
- Cisco Video Surveillance 3000 Series IP Cameras
- Cisco Video Surveillance 4000 Series High-Definition IP Cameras
- Cisco Video Surveillance 4300E/4500E High-Definition IP Cameras
- Cisco Video Surveillance 6000 Series IP Cameras
- Cisco Video Surveillance 7000 Series IP Cameras
- Cisco Video Surveillance PTZ IP Cameras
- Cisco Videoscape Conductor
- Cisco Videoscape Control Suite
- Cisco Virtual PGW 2200 Softswitch
- Explorer Controller (EC) system
- Tandberg Codian ISDN GW 3210/3220/3240
- Tandberg Codian MSE 8320 model
Wireless
- Cisco IOS Access Points
- Cisco RF Gateway 1 (RFGW-1)
- Cisco Wireless LAN Controller (WLC)
- Cisco Wireless Security Gateway Application (WSG)
Cisco Hosted Services
- Cisco Cloud Email Security
- Cisco Cloud Web Security
- Cisco Cloud and Systems Management
- Cisco Partner Supporting Service
- Cisco Registered Envelope Service (CRES)
- Cisco Smart Care
- Cisco SmartConnection
- Cisco SmartReports
- Cisco Unified Services Delivery Platform (CUSDP)
- Cisco Universal Small Cell usc-iuh
- Cisco WebEx Meeting Center
- Cisco WebEx Node
- Communication/Collaboration Sizing Tool, Virtual Machine Placement Tool, Cisco Unified Communications Upgrade Readiness Assessment
- DCAF UCS Collector
- Life Cycle Management Agent Manager (LCM)
- Network Device Security Assessment
- Partner Supporting Service (PSS) 1.x
- Serial Number Assessment Service (SNAS)
- Small Cell factory recovery root filesystem V2.99.4 or later
-
Any workarounds will be documented in the Cisco bugs, which are accessible through the Cisco Bug Search Tool.
-
Information about fixed software will be documented in the Cisco bugs, which are accessible through the Cisco Bug Search Tool.
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
-
These vulnerabilities were discovered by researchers from Cisco Systems, Inc.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
| Version | Description | Section | Status | Date |
|---|---|---|---|---|
| 1.5 | Updated information about affected products. | Affected Products | Final | 2016-March-07 |
| 1.4 | Updated information about affected products. | Affected Products | Interim | 2016-March-02 |
| 1.3 | Updated information about affected products. | Affected Products | Interim | 2016-February-19 |
| 1.2 | Updated information about affected products. | Affected Products | Interim | 2016-February-04 |
| 1.1 | Updated to correct initial publishing date. | - | Interim | 2016-January-27 |
| 1.0 | Initial public release. | - | Interim | 2016-January-27 |
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.