Symptom
Passive ntp associations are not restricted by default on the Cisco IOS-XR.
Conditions
Exposure is not configuration dependent.
Workaround
Direct control of passive associations is not available. But one can use the ntp authenticate configuration to prevent any unauthenticated
sessions, and/or use ACLs to limit the exposure.
Further Problem Description
The IOS-XR by default accepts passive associations, this bug is to update the default to match Cisco IOS and to provide the
associated command line configuration.
PSIRT Evaluation
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via
normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
