CVE-2014-3309

Severity

50%

Complexity

99%

Confidentiality

48%

The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 10 years ago

2014-07-09 11:07:00

Last updated 7 years ago

2017-08-29 01:34:00

Affected Software

Cisco IOS

Cisco IOS XE

References

20140708 Cisco IOS and IOS XE Software NTP Access Group Vulnerability

Vendor Advisory

68463

1030549

ciscoios-cve20143309-info-disc(94420)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.