Symptom
This product includes a version of ntpd that is affected by the vulnerability identified by one or more of the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2016-9042, CVE-2017-6464, CVE-2017-6462, CVE-2017-6463, CVE-2017-6455, CVE-2017-6452, CVE-2017-6459, CVE-2017-6458, CVE-2017-6451, CVE-2017-6460, CVE-2015-8138, CVE-2016-7431
This bug has been opened to address the potential impact on this product.
<!--Cisco has analyzed the vulnerabilities and concluded that this product may be affected by the following vulnerabilities:
CVE-2017-6464 - NTP-01-016 NTP: Denial of Service via Malformed Config
CVE-2017-6462 - NTP-01-014 NTP: Buffer Overflow in DPTS Clock
CVE-2017-6463 - NTP-01-012 NTP: Authenticated DoS via Malicious Config Option
CVE-2017-6458 - NTP-01-004 NTP: Potential Overflows in ctl_put() functions
CVE-2017-6451 - NTP-01-003 Improper use of snprintf() in mx4200_send()
CVE-2017-6460 - NTP-01-002 Buffer Overflow in ntpq when fetching reslist
CVE-2016-9042 - Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
This product is not affected by the following vulnerability:
CVE-2017-6455 - NTP-01-009 NTP: Windows: Privileged execution of User Library code
CVE-2017-6452 - NTP-01-008 NTP: Windows Installer: Stack Buffer Overflow from Command Line
CVE-2017-6459 - NTP-01-007 NTP: Windows Installer: Data Structure terminated insufficiently
-->
Conditions
Device configured with NTP.
Further Problem Description
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is: 4.4
http://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
