Описание
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:ios:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe:-:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.0021
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
почти 4 года назад
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.
EPSS
Процентиль: 43%
0.0021
Низкий
5 Medium
CVSS2
Дефекты
CWE-264