Cisco IOS Software NTP packet vulnerability

The Network Time Protocol (NTP) is a protocol designed to time-synchronize a network of machines. NTP runs over UDP, which in turn runs over IP.

When a Cisco IOS Software device supporting NTPv4 receives a specific NTP packet it will crash while creating the NTP reply packet. The NTP packet can be sent from any remote device, and does not require authentication. Cisco IOS devices supporting NTPv4 and configured with NTP peer authentication are still vulnerable.

The device does not have to be explicitly configured for NTPv4 peers. For example, a device whose NTP peers are all explicitly labeled as version 2 would still be vulnerable, as shown in the following example:

Router#show running-config | include ntp
ntp peer 192.168.0.254 version 2
ntp peer 192.168.0.1 version 2
Router#
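The point of the configuration above is that the "version 2" labels on the peers do not govern the version an inbound packet carries. The following added example (not code from the Cisco advisory) decodes the version field of an NTP packet and checks it against an IOS running-config excerpt; the contents of the specific trigger packet are not given on the page, so only the header version is decoded, and the assumption that an IOS peer line without an explicit "version" defaults to 4 is the example's own.

```python
import re

NTP_HEADER_LEN = 48  # minimum NTP packet size (RFC 5905)

def parse_ntp_header(pkt: bytes) -> dict:
    """Decode LI (2 bits), VN (3 bits) and Mode (3 bits) from the first byte."""
    if len(pkt) < NTP_HEADER_LEN:
        raise ValueError("truncated NTP packet")
    first = pkt[0]
    return {"li": first >> 6, "version": (first >> 3) & 0x7, "mode": first & 0x7}

def configured_ntp_peer_versions(config: str) -> set:
    """Collect 'version N' values from 'ntp peer'/'ntp server' lines.
    A line without an explicit version is assumed to default to 4 (assumption)."""
    versions = set()
    for line in config.splitlines():
        if re.match(r"\s*ntp (peer|server)\s+\S+", line):
            m = re.search(r"\bversion (\d)\b", line)
            versions.add(int(m.group(1)) if m else 4)
    return versions

def ntp_enabled(config: str) -> bool:
    """NTP is active on the device if any ntp peer/server/master line is configured."""
    return any(re.match(r"\s*ntp (peer|server|master)\b", l) for l in config.splitlines())

def ntpv4_exposure(config: str, pkt: bytes) -> bool:
    """True when an NTPv4 packet reaches an NTP-enabled device, regardless of the
    version labels on the configured peers (the condition the advisory describes)."""
    return ntp_enabled(config) and parse_ntp_header(pkt)["version"] == 4

# Constructed sample config, mirroring the advisory's example.
SAMPLE_CONFIG = """ntp peer 192.168.0.254 version 2
ntp peer 192.168.0.1 version 2
"""
# Constructed packets: first byte = LI<<6 | VN<<3 | Mode; Mode 3 = client.
NTPV4_CLIENT = bytes([(4 << 3) | 3]) + b"\x00" * 47
NTPV2_CLIENT = bytes([(2 << 3) | 3]) + b"\x00" * 47

if __name__ == "__main__":
    print("configured peer versions:", configured_ntp_peer_versions(SAMPLE_CONFIG))
    print("NTPv4 packet reaches NTP-enabled device:",
          ntpv4_exposure(SAMPLE_CONFIG, NTPV4_CLIENT))
```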

Successful exploitation of the vulnerability may result in a reload of the device. The vulnerability could be repeatedly exploited to cause an extended DoS condition.

There are no workarounds other than disabling NTP on the device. Cisco has released free software updates that address this vulnerability.