BugZero | Cisco BugID CSCvg31012 - Reject NTP MODE 6 packets in IOS-XR

Cisco - Defect ID: CSCvg31012

Reject NTP MODE 6 packets in IOS-XR

Cisco - Defect ID: CSCvg31012

Reject NTP MODE 6 packets in IOS-XR

Last updated on September 30th, 2025

BugZero Risk Score
6.2 Medium

Overall: 6.2

Severity: 6.4

Lifecycle: 9.1

Popularity: 6.0

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

The current XR/NTP code allows 'mode 6' but not 'mode 7'. There is code to restrict mode 6 as well, if "restrict default noquery? is specified but no CLI way to set it, while 'mode 7' is rejected without any checks in current XR code base. We need to change the code to reject 'mode 6' without checks as well in the XR code base. In IOS we have the bug CSCum44673 that is specifically tracking NTP MODE6 vulnerability.

Conditions

NTP mode 6

Workaround

None

Further Problem Description

None.

PSIRT Evaluation

The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco''s security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Change history

2025-09-30 Added: 6.4.1

Links

Original Vendor Announcement

Relevant Products

Click on a version to see all relevant bugs

Affected versions:6.4.1

Fixed versions: 6.2.3, 6.3.15, 6.3.2, 6.3.3, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.5.1, 6.5.15, 6.5.2, 6.5.25, 6.5.26, 6.5.28, 6.5.29, 6.5.3, 6.5.90, 6.5.92, 6.5.93, 6.6.1, 6.6.11, 6.6.12, 6.6.2, 6.6.25, 6.6.3, 6.6.4, 6.7.1, 6.7.2, 7.0.0, 7.0.1, 7.0.11, 7.0.12, 7.0.14, 7.0.2, 7.0.90, 7.1.1, 7.1.15, 7.1.2, 7.1.25, 7.2.0, 7.2.1, 7.2.12

Relevant Products

Click on a version to see all relevant bugs

Affected versions:6.4.1

Top Cisco Defects

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCvg31012

Reject NTP MODE 6 packets in IOS-XR

Cisco - Defect ID: CSCvg31012

Reject NTP MODE 6 packets in IOS-XR

Last updated on September 30th, 2025

BugZero Risk Score6.2 Medium

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

PSIRT Evaluation

Links

Top Cisco Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.2 Medium