Cisco Security Advisory
Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
-
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.
On November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.
The new vulnerabilities disclosed in this document are as follows:
- Network Time Protocol Trap Service Denial of Service Vulnerability
- Network Time Protocol Broadcast Mode Denial of Service Vulnerability
- Network Time Protocol Broadcast Mode Denial of Service Vulnerability
- Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability
- Network Time Protocol Configuration Modification Denial of Service Vulnerability
- Network Time Protocol mrulist Query Requests Denial of Service Vulnerability
- Network Time Protocol Multiple Binds to the Same Port Vulnerability
- Network Time Protocol Rate Limiting Denial of Service Vulnerability
As well as:
- Regression of CVE-2015-8138
- Network Time Protocol Reboot sync calculation problem
Additional details about each vulnerability are in the NTP Consortium Security Notice.
Workarounds that address one or more of these vulnerabilities may be available and are documented in the Cisco bug for each affected product.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd
-
Vulnerable Products
The following table lists Cisco products that are affected by one or more of the vulnerabilities described in this advisory.
| Product | Cisco Bug ID | Fixed Release Availability |
|---|---|---|
| **Collaboration and Social Media** | | |
| Cisco SocialMiner | CSCvc32449 | 11.6.1 (15-Jun-2017) |
| Cisco Unified MeetingPlace | CSCvc23583 | |
| Cisco WebEx Node for MCS | CSCvc23453 | |
| **Endpoint Clients and Client Software** | | |
| Cisco Jabber Guest | CSCvc23580 | 11.0.1 (28-Feb-2017) |
| **Network Application, Service, and Acceleration** | | |
| Cisco Application and Content Networking System (ACNS) | CSCvc23530 | No further releases planned; contact TAC for upgrade instructions. |
| Cisco Visual Quality Experience Server | CSCvc23525 | |
| Cisco Visual Quality Experience Tools Server | CSCvc23525 | |
| Cisco Wide Area Application Services (WAAS) | CSCvc23536 | 6.3.1 (31-Mar-2017) |
| **Network and Content Security Devices** | | |
| Cisco Content Security Appliance Update Servers | CSCvc23452 | |
| Cisco FireSIGHT System Software | CSCvc23451 | 5.4.0.10 (15-Feb-2017); 6.0.1.4 (15-Mar-2017); 6.1.0.2 (15-Feb-2017) |
| Cisco Identity Services Engine (ISE) | CSCvc23545 | 2.2 (21-Dec-2016) |
| Cisco Secure Access Control System (ACS) | CSCvc23550 | No fixed releases planned. |
| Cisco Virtual Security Gateway for Microsoft Hyper-V | CSCvc23475 | 5.2(1)VSG2(2.1) (30-Mar-2017) |
| **Network Management and Provisioning** | | |
| Cisco Application Networking Manager | CSCvc23458 | No fixed release planned. |
| Cisco Evolved Programmable Network Manager | CSCvc23493 | No fixed release planned. |
| Cisco Network Analysis Module | CSCvc23484 | |
| Cisco Policy Suite | CSCvc45288 | 12.0 (3-Mar-2017) |
| Cisco Prime Collaboration Provisioning | CSCvc23489 | 12.1 (23-Feb-2017) |
| Cisco Prime Data Center Network Manager | CSCvc23464 | |
| Cisco Prime Infrastructure Plug and Play Standalone Gateway | CSCvc23485 | No further releases planned; contact TAC for upgrade information. |
| Cisco Prime Infrastructure | CSCvc23487 | No fixed release planned. |
| Cisco Prime LAN Management Solution - Solaris | CSCvc23482 | 4.2.5 MR3 (Available); 4.2.5 MR4 (15-Mar-2017) |
| Cisco Prime License Manager | CSCvc23506 | |
| Cisco Prime Service Catalog Virtual Appliance | CSCvc23513 | |
| Cisco UCS Central Software | CSCvc23477 | 2.0(1a) (30-Mar-2017) |
| Cisco Unified Communications Deployment Tools | CSCvc23447 | |
| Cisco Unified Intelligence Center | CSCvc32447 | 11.6(1) (June 2017) |
| **Routing and Switching - Enterprise and Service Provider** | | |
| Cisco Application Policy Infrastructure Controller (APIC) | CSCvc23465 | 2.2(2) (30-Apr-2017) |
| Cisco Connected Grid Routers | CSCvc23527 | 15.6(3)M2 (23-Jan-2017) |
| Cisco IOS XR Software | CSCvc23494 | 6.5.1 (31-Jul-2018) |
| Cisco IOS and Cisco IOS XE Software | CSCvc23569 | |
| Cisco MDS 9000 Series Multilayer Switches | CSCvc23468 | MDS - 6.2.19 (28-Feb-2017); 3k - 7.0(3)I2 (5); 7.0(3)I4 (6); 7.0(3)I5 (31-Jan-2017); 5500 - 7.3.2 (April 2017); 7k - 6.2.18 (31-Jan-2017); 8.1.1 (April 2017) |
| Cisco Nexus 1000V Series Switches | CSCvc23471 | 5.2(1)SV3(2.15) (28-Feb-2017) |
| Cisco Nexus 3000 Series Switches | CSCvc23472 | Its 6.0(2)U6(9) (15-Jan-2016) |
| Cisco Nexus 5000 Series Switches | CSCvc23468 | MDS - 6.2.19 (28-Feb-2017); 3k - 7.0(3)I2 (5); 7.0(3)I4 (6); 7.0(3)I5 (31-Jan-2017); 5500 - 7.3.2 (April 2017); 7k - 6.2.18 (31-Jan-2017); 8.1.1 (April 2017) |
| Cisco Nexus 6000 Series Switches | CSCvc23468 | MDS - 6.2.19 (28-Feb-2017); 3k - 7.0(3)I2 (5); 7.0(3)I4 (6); 7.0(3)I5 (31-Jan-2017); 5500 - 7.3.2 (April 2017); 7k - 6.2.18 (31-Jan-2017); 8.1.1 (April 2017) |
| Cisco Nexus 7000 Series Switches | CSCvc23468 | MDS - 6.2.19 (28-Feb-2017); 3k - 7.0(3)I2 (5); 7.0(3)I4 (6); 7.0(3)I5 (31-Jan-2017); 5500 - 7.3.2 (April 2017); 7k - 6.2.18 (31-Jan-2017); 8.1.1 (April 2017) |
| Cisco Nexus 9000 Series Switches | CSCvc23468 | MDS - 6.2.19 (28-Feb-2017); 3k - 7.0(3)I2 (5); 7.0(3)I4 (6); 7.0(3)I5 (31-Jan-2017); 5500 - 7.3.2 (April 2017); 7k - 6.2.18 (31-Jan-2017); 8.1.1 (April 2017) |
| Cisco Service Control Operating System | CSCvc23570 | Patches will be available by 28-Feb-2017. |
| Cisco Virtual Security Gateway for Microsoft Hyper-V | CSCvc23471 | 5.2(1)SV3(2.15) (28-Feb-2017) |
| **Routing and Switching - Small Business** | | |
| Cisco DPH150 Series MicroCells | CSCvc23558 | SR10 MR2 (Available); 5.2 (Available); 5.2 HF1 (Available) |
| **Unified Computing** | | |
| Cisco Common Services Platform Collector | CSCvc23440 | 1.11 (14-Jan-2017) |
| Cisco UCS 6200 Series Fabric Interconnects | CSCvc23476 | 3.1.3 (27-Mar-2017) |
| Cisco UCS Director | CSCvc23463 | 6.5 (31-May-2017) |
| Cisco UCS E-Series Servers | CSCvc23436 | 3.1.4 (April 2017) |
| Cisco UCS Manager | CSCvc23476 | 3.1.3 (27-Mar-2017) |
| Cisco UCS Standalone C-Series Rack Server - Integrated Management Controller | CSCvc23478 | |
| **Voice and Unified Communications Devices** | | |
| Cisco 3G Femtocell Wireless | CSCvc23561 | SR10 MR2 (Available); 5.2 (Available); 5.2 HF1 (Available) |
| Cisco Emergency Responder | CSCvc23575 | No fixed releases planned. |
| Cisco Finesse | CSCvc32452 | No fixed releases planned. |
| Cisco Hosted Collaboration Mediation Fulfillment | CSCvc23578 | 11.5.1 (22-Dec-2016) |
| Cisco IP Interoperability and Collaboration System (IPICS) | CSCvc23517 | 5.0(2) (15-Apr-2017) |
| Cisco Management Heartbeat Server | CSCvc23565 | 5.2 HF1 (31-Mar-2017); SR10 MR2 (31-Mar-2017) |
| Cisco MediaSense | CSCvc32453 | 11.6.1 (30-Jun-2017) |
| Cisco Paging Server (InformaCast) | CSCvc23579 | 12.0.2 (July 2017) |
| Cisco Paging Server | CSCvc23579 | 12.0.2 (July 2017) |
| Cisco Quantum Virtualized Packet Core | CSCvc23438 | |
| Cisco Unified Communications Domain Manager 10.x | CSCvc22942 | No fixed releases planned. |
| Cisco Unified Communications Domain Manager 8.x | CSCvc23585 | No fixed releases planned. |
| Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) | CSCvc23576 | No fixed releases planned. |
| Cisco Unified Communications Manager Session Management Edition | CSCvc23572 | No fixed releases planned. |
| Cisco Unified Communications Manager | CSCvc23572 | No fixed releases planned. |
| Cisco Unified Contact Center Express | CSCvc32450 | No fixed releases planned. |
| Cisco Unified SIP Proxy Software | CSCvc23437 | |
| Cisco Unity Connection | CSCvc23574 | No fixed releases planned. |
| Cisco Unity Express | CSCvc23435 | 10.0 (31-Aug-2017) |
| Cisco Virtualized Voice Browser | CSCvc32454 | No fixed releases planned. |
| **Video, Streaming, TelePresence, and Transcoding Devices** | | |
| Cisco 910 Industrial Router | CSCvc23554 | 1.2.1RB4 (Available) |
| Cisco Cloud Object Storage | CSCvc23519 | 3.12.1 (30-Mar-2017) |
| Cisco DCM Series D990x Digital Content Manager | CSCvc23481 | 20.0.0 (31-Mar-2017); 5.0.0 (28-Feb-2017) |
| Cisco Digital Media Manager | CSCvc23502 | No fixes planned; contact Cisco TAC for upgrade information. |
| Cisco Edge 300 Digital Media Player | CSCvc23555 | 1.6RB5_1 (23-Dec-2016) |
| Cisco Edge 340 Digital Media Player | CSCvc23556 | 1.2RB1.0.4 (23-Dec-2016) |
| Cisco Enterprise Content Delivery System (ECDS) | CSCvc23503 | 2.6.9 (15-Jan-2017) |
| Cisco Expressway Series | CSCvc23512 | 8.9.1 (31-Jan-2017) |
| Cisco MXE 3500 Series Media Experience Engines | CSCvc23505 | No fixed release planned. |
| Cisco Show and Share | CSCvc23508 | No further releases planned. |
| Cisco TelePresence Conductor | CSCvc23500 | |
| Cisco TelePresence ISDN Link | CSCvc23504 | 1.1.7 (June 2017) |
| Cisco TelePresence MX Series | CSCvc23510 | |
| Cisco TelePresence Profile Series | CSCvc23510 | |
| Cisco TelePresence SX Series | CSCvc23510 | |
| Cisco TelePresence System 1000 | CSCvc23571 | |
| Cisco TelePresence System 1100 | CSCvc23571 | |
| Cisco TelePresence System 1300 | CSCvc23571 | |
| Cisco TelePresence System 3000 Series | CSCvc23571 | |
| Cisco TelePresence System 500-32 | CSCvc23571 | |
| Cisco TelePresence System 500-37 | CSCvc23571 | |
| Cisco TelePresence System EX Series | CSCvc23510 | |
| Cisco TelePresence System TX1310 | CSCvc23571 | |
| Cisco TelePresence TX9000 Series | CSCvc23571 | |
| Cisco TelePresence Video Communication Server (VCS) | CSCvc23512 | 8.9.1 (31-Jan-2017) |
| Cisco Telepresence Integrator C Series | CSCvc23510 | |
| Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) | CSCvc23524 | 4.3.2 (15-Jan-2017) |
| Cisco Video Surveillance Media Server | CSCvc23543 | 7.10 (30-Mar-2017) |
| Cisco Videoscape Distribution Suite Transparent Caching | CSCvc23566 | |
| Cisco Videoscape Distribution Suite Video Recording | CSCvc23522 | 4.1.6 (20-Apr-2017); 4.1.5 (Available) |
| **Wireless** | | |
| Cisco Mobility Services Engine/Cisco Connected Mobile Experiences | CSCvc28961 | No fixed release planned. |
| Cisco Small Business 100 Series Wireless-N Access Points | CSCvc23548 | |
| Cisco Small Business 300 Series Wireless-N Access Points | CSCvc23548 | |
| Cisco Small Business 500 Series Wireless Access Points | CSCvc23547 | |
| Cisco WAP371 Wireless-AC/N Access Point | CSCvc23546 | |
| **Cisco Hosted Services** | | |
| Cisco Business Video Services Automation Software | CSCvc23439 | |
| Cisco Cloud Services | CSCvc23499 | |
| Cisco Network Health Framework | CSCvc23567 | |
| Cisco Network Performance Analysis | CSCvc23568 | |
| Cisco Prime Network Change and Configuration Management | CSCvc23444 | 3.1 (24-Mar-2017); 3.2 (24-Apr-2017) |
| Cisco Proactive Network Operations Center | CSCvc23445 | No fixes planned; contact Cisco TAC for upgrade information. |
| Cisco Registered Envelope Service | CSCvc23448 | No fixed release planned. |
| Cisco Service Lifecycle Information Manager (SLIM) | CSCvc23455 | |
| Cisco Services Provisioning Platform | CSCvc23587 | |
| Cisco Smart Care | CSCvc23532 | No further releases planned; contact TAC for upgrade instructions. |
| Cisco Unified MeetingPlace - WebEx Node for MCS | CSCvc23582 | |
| Cisco Universal Small Cell 5000 Series - Running Release 3.4.2.x | CSCvc23562 | 3.5.12.23 (31-Jan-2017) |
| Cisco Universal Small Cell 7000 Series - Running Release 3.4.2.x | CSCvc23562 | 3.5.12.23 (31-Jan-2017) |
| Cisco WebEx Messenger Service | CSCvc23454 | |

Products Confirmed Not Vulnerable
Cisco has confirmed that these vulnerabilities do not affect the following Cisco products.
Collaboration and Social Media
- Cisco WebEx Meetings Server Release 1.x
- Cisco WebEx Meetings Server Release 2.x
Endpoint Clients and Client Software
- Cisco Agent for OpenFlow
- Cisco IP Communicator
- Cisco NAC Agent for Mac
- Cisco NAC Web Agent
- Cisco UC Integration for Microsoft Lync
- Cisco Virtualization Experience Client 6215
- Cisco WebEx Business Suite
- Cisco WebEx Meetings Client - Hosted
- Cisco WebEx Meetings for Android
- Cisco WebEx Meetings for BlackBerry
- Cisco WebEx Meetings for Windows Phone 8
- Cisco WebEx Productivity Tools
Network Application, Service, and Acceleration
- Cisco Extensible Network Controller (XNC)
- Cisco Nexus Data Broker
Network and Content Security Devices
- Cisco ASA Next-Generation Firewall Services
- Cisco Adaptive Security Appliance (ASA) Software
- Cisco Adaptive Security Device Manager
- Cisco Content Security Management Appliance (SMA)
- Cisco Email Security Appliance (ESA)
- Cisco Web Security Appliance (WSA)
Network Management and Provisioning
- Cisco Access Registrar Appliance
- Cisco Connected Grid Device Manager
- Cisco Connected Grid Network Management System
- Cisco Insight Reporter
- Cisco Linear Stream Manager
- Cisco Multicast Manager
- Cisco Prime Access Registrar Appliance
- Cisco Prime Access Registrar
- Cisco Prime Cable Provisioning
- Cisco Prime Central for Service Providers
- Cisco Prime Collaboration Assurance
- Cisco Prime Home
- Cisco Prime IP Express
- Cisco Prime Network Registrar IP Address Manager (IPAM)
- Cisco Prime Network Registrar Virtual Appliance
- Cisco Prime Network Services Controller
- Cisco Prime Network
- Cisco Prime Optical for Service Providers
- Cisco Prime Performance Manager
- Cisco Prime Provisioning for Service Providers
- Cisco Security Manager
- Cisco Smart Net Total Care - Local Collector appliance
- CiscoWorks Network Compliance Manager
Routing and Switching - Enterprise and Service Provider
- Cisco ASR 9000 Series Integrated Service Modules
- Cisco Broadband Access Center for Telco and Wireless
- Cisco CRS Carrier Grade Services Engine CRS-CGSE-PLIM Module
- Cisco Nexus 4000 Series Blade Switches
- Cisco ONS 15454 Series Multiservice Provisioning Platforms
- Cisco Service Control Application for Broadband
- Cisco Service Control Collection Manager
- Cisco Service Control Subscriber Manager
- Cisco VPN Acceleration Module
Routing and Switching - Small Business
- Cisco 220 Series Smart Plus (Sx220) Switches
- Cisco 500 Series Stackable (Sx500) Managed Switches
- Cisco RV042 Dual WAN VPN Router
- Cisco RV042G Dual Gigabit WAN VPN Router
- Cisco Small Business 300 Series (Sx300) Managed Switches
- Cisco Small Business AP500 Series Wireless Access Points
- Cisco Small Business RV Series RV110W Wireless-N VPN Firewall
- Cisco Small Business RV Series RV120W Wireless-N VPN Firewall
- Cisco Small Business RV Series RV215W Wireless-N VPN Router
- Cisco Small Business RV Series RV220W Wireless Network Security Firewall
- Cisco Small Business RV Series RV315W Wireless-N VPN Router
- Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router
- Cisco Small Business RV130 Series VPN Routers
Unified Computing
- Cisco UCS Accelerated Deployment Assistant
- Cisco UCS B-Series Blade Servers
- Cisco UCS Fabric Extender Module
Voice and Unified Communications Devices
- Cisco ATA 187 Analog Telephone Adaptor
- Cisco ATA 190 Series Analog Terminal Adaptors
- Cisco Agent Desktop
- Cisco Broadband Access Center for Cable Tools Suite 4.1
- Cisco Broadband Access Center for Cable Tools Suite 4.2
- Cisco Computer Telephony Integration Object Server (CTIOS)
- Cisco Contact Center Domain Manager (CCDM)
- Cisco Contact Center Management Portal (CCMP)
- Cisco DX Series Collaboration Endpoints
- Cisco DX Series IP Phones
- Cisco IP 7800 Series Phones
- Cisco IP 8800 Series Phones - VPN feature
- Cisco Packaged Contact Center Enterprise
- Cisco Prime Cable Provisioning 5.0
- Cisco Prime Cable Provisioning 5.1
- Cisco Remote Silent Monitoring
- Cisco SPA112 2-Port Phone Adapter
- Cisco SPA122 Analog Telephone Adapter (ATA) with Router
- Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA)
- Cisco SPA51x IP Phones
- Cisco SPA525G 5-Line IP Phone
- Cisco SPA8000 8-Port IP Telephony Gateway
- Cisco SPA8800 IP Telephony Gateway with 4 FXS and 4 FXO Ports
- Cisco Small Business SPA300 Series IP Phones
- Cisco Small Business SPA500 Series IP Phones
- Cisco TAPI Service Provider (TSP)
- Cisco Unified Attendant Console Advanced
- Cisco Unified Attendant Console Business Edition
- Cisco Unified Attendant Console Department Edition
- Cisco Unified Attendant Console Enterprise Edition
- Cisco Unified Attendant Console Premium Edition
- Cisco Unified Attendant Console Standard
- Cisco Unified Contact Center Enterprise
- Cisco Unified Customer Voice Portal
- Cisco Unified E-Mail Interaction Manager
- Cisco Unified IP 6901 Phone
- Cisco Unified IP 6945 Phone
- Cisco Unified IP 7900 Series Phones
- Cisco Unified IP 7937 Phone
- Cisco Unified IP 8831 Conference Phone for Third-Party Call Control
- Cisco Unified IP 8831 Conference Phone
- Cisco Unified IP 8941 and 8945 Phones
- Cisco Unified IP 8961 Phone
- Cisco Unified IP 9951 Phone
- Cisco Unified IP 9971 Phone
- Cisco Unified Intelligent Contact Management Enterprise
- Cisco Unified SIP 3900 Series Phones
- Cisco Unified Web Interaction Manager
- Cisco Unified Wireless IP Phone
- Cisco Unified Workforce Optimization
- Cisco Virtualization Experience Media Edition for Windows
- Cisco Virtualization Experience Media Edition
- Exony Virtualized Interaction Manager (VIM)
Video, Streaming, TelePresence, and Transcoding Devices
- Cisco 4300 Series Digital Media Players
- Cisco 4400 Series Digital Media Players
- Cisco D9824 Advanced Multi Decryption Receiver
- Cisco D9854 and D9854-I Advanced Program Receivers
- Cisco D9858 Advanced Receiver Transcoder
- Cisco D9859 Advanced Receiver Transcoder
- Cisco D9865 Satellite Receiver
- Cisco TelePresence Content Server
- Cisco TelePresence Exchange System
- Cisco TelePresence ISDN Gateway 3241
- Cisco TelePresence ISDN Gateway MSE 8321
- Cisco TelePresence MCU 4200 Series, 4500 Series, 5300 Series, MSE 8420, and MSE 8510
- Cisco TelePresence Management Suite (TMS)
- Cisco TelePresence Management Suite Analytics Extensions
- Cisco TelePresence Management Suite Extension for IBM Lotus Notes
- Cisco TelePresence Management Suite Extensions
- Cisco TelePresence Management Suite Provisioning Extensions
- Cisco TelePresence Serial Gateway Series
- Cisco TelePresence Supervisor MSE 8050
- Cisco Video Surveillance 3000 Series IP Cameras
- Cisco Video Surveillance 4000 Series High-Definition IP Cameras
- Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras
- Cisco Video Surveillance 6000 Series IP Cameras
- Cisco Video Surveillance 7000 Series IP Cameras
- Cisco Video Surveillance PTZ IP Cameras
- Cisco Videoscape AnyRes Live
- Cisco Virtual PGW 2200 Softswitch
- Tandberg Codian ISDN Gateway 3210, 3220, and 3240
- Tandberg Codian MSE 8320
Wireless
- Cisco Aironet Access Points - Running Cisco IOS Software
- Cisco RF Gateway 1 (RFGW-1)
- Cisco Wireless LAN Controller
- Cisco Wireless Security Gateway (WSG) Application
Cisco Hosted Services
- Cisco Cloud Email Security
- Cisco Feature Analytics Service
- Cisco Network Device Security Assessment Service
- Cisco Unified Service Delivery Platform
- Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem - Releases 2.99.4 and later
- Cisco WebEx Meeting Center
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Any workarounds that address one or more of these vulnerabilities are documented in the Cisco bugs, which are accessible from the Cisco Bug Search Tool, for each affected product.
-
For information about fixed software releases, consult the Cisco bug ID(s) listed in this advisory.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
-
These vulnerabilities were discovered by researchers from ABB, Boston University, Cisco, Magnus Stubman, Red Hat, and Oracle.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
| Version | Description | Section | Status | Date |
|---|---|---|---|---|
| 1.5 | Updated the list of first fixed releases. | Affected Products | Final | 2017-January-23 |
| 1.4 | Updated the lists of affected products. | Affected Products | Final | 2017-January-06 |
| 1.3 | Updated the lists of affected products. | Affected Products | Interim | 2016-December-15 |
| 1.2 | Updated the lists of affected products. | Affected Products | Interim | 2016-December-02 |
| 1.1 | Updated the lists of affected products. | Affected Products | Interim | 2016-November-28 |
| 1.0 | Initial public release. | - | Interim | 2016-November-23 |
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.