Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.
Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client’s time.

The vulnerabilities covered in this document are as follows:

CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability
CVE-2015-7974: Network Time Protocol Missing Trusted Key Check
CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check
CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames
CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability
CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service
CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service
CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp
CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack
CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop

Additional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: Security Notice

Cisco has released software updates that address these vulnerabilities.

Workarounds that address some of these vulnerabilities may be available.

Available workarounds will be documented in the corresponding Cisco bug for each affected product. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd
Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package.
Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.

On January 19, 2016, NTP Consortium at Network Time Foundation released a security advisory detailing 12 issues regarding multiple DoS vulnerabilities, information disclosure vulnerabilities, and logic issues that may allow an attacker to shift a client’s time.

The vulnerabilities covered in this document are as follows:

CVE-2015-7973: Network Time Protocol Replay Attack on Authenticated Broadcast Mode Vulnerability
CVE-2015-7974: Network Time Protocol Missing Trusted Key Check
CVE-2015-7975: Standard Network Time Protocol Query Program nextvar() Missing Length Check
CVE-2015-7976: Standard Network Time Protocol Query Program saveconfig Command Allows Dangerous Characters in Filenames
CVE-2015-7978: Network Time Protocol Daemon reslist NULL Pointer Deference Denial of Service Vulnerability
CVE-2015-7977: Network Time Protocol Stack Exhaustion Denial of Service
CVE-2015-7979: Network Time Protocol Off-Path Broadcast Mode Denial of Service
CVE-2015-8138: Network Time Protocol Zero Origin Timestamp Bypass
CVE-2015-8139: Network Time Protocol Information Disclosure of Origin Timestamp
CVE-2015-8140: Standard Network Time Protocol Query Program Replay Attack
CVE-2015-8158: Standard and Special Network Time Protocol Query Program Infinite loop

Additional details on each of the vulnerabilities are in the official security advisory from the NTP Consortium at Network Time Foundation at the following link: Security Notice

Cisco has released software updates that address these vulnerabilities.

Workarounds that address some of these vulnerabilities may be available.

Available workarounds will be documented in the corresponding Cisco bug for each affected product. 

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd

Security Impact Rating: Medium

CVE: CVE-2015-7973,CVE-2015-7974,CVE-2015-7975,CVE-2015-7976,CVE-2015-7977,CVE-2015-7978,CVE-2015-7979,CVE-2015-8138,CVE-2015-8139,CVE-2015-8140,CVE-2015-8158