Lucene search
HistoryJul 09, 2014 - 11:07 a.m.
CVE-2014-3309
ntp
cisco ios
ios xe
access-group
time synchronization
security vulnerability
cve-2014-3309
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.9%
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a “deny all” configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
Affected configurations
Node
ciscoiosMatch-
ORciscoios_xeMatch-
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco:ios | cisco ios | eq | - |
| cisco:ios_xe | cisco ios xe | eq | - |
Related
cvelist
cvelist
CVE-2014-3309
2014-07-09 10:00:00
nvd
nvd
CVE-2014-3309
2014-07-09 11:07:01
cisco
cisco
Cisco IOS Software and IOS XE Software NTP Access Group Vulnerability
2014-07-09 14:04:56
prion
prion
Use after free
2014-07-09 11:07:00
nessus
nessus
Cisco IOS NTP Information Disclosure (CSCuj66318)
2014-08-07 00:00:00
Cisco IOS XE NTP Information Disclosure (CSCuj66318)
2014-08-07 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.9%
Related for CVE-2014-3309