Symptom
Cisco MDS 9000 Series Multilayer Switches and Nexus 7000 Series Switches includes a version of the NTP Protocol that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298, CVE-2015-1798, CVE-2015-1799, CVE-2019-8936, CVE-2019-11331, CVE-2015-5300, CVE-2015-7704, CVE-2015-7849, CVE-2015-7851, CVE-2015-7852, CVE-2015-7871, CVE-2016-4953, CVE-2016-4954, CVE-2016-7433
This bug was opened to address the potential impact on this product.
Conditions
Device with default configuration.
Workaround
Not available or not applicable.
Further Problem Description
None
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 9.8:
https://tools.cisco.com/security/center/cvssCalculator.x?vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9297, CVE-2014-9298, CVE-2015-1798, CVE-2015-1799, CVE-2019-8936, CVE-2019-11331, CVE-2015-5300, CVE-2015-7704, CVE-2015-7849, CVE-2015-7851, CVE-2015-7852, CVE-2015-7871, CVE-2016-4953, CVE-2016-4954, CVE-2016-7433 has been assigned to document this issue.
Additional information on Cisco''s security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
