cnvd - cnvd-2016-02442

cnvd-2016-02442

Vulnerability from cnvd

Title

Cisco IOS/Cisco IOS XE ntp子系统未授权访问漏洞

Description

Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。 Cisco IOS/Cisco IOS XE Software未能有效检查某些ntp报文，可使远程攻击者注入恶意报文到ntp后台程序，控制受影响设备。

Severity

中

Patch Name

Cisco IOS/Cisco IOS XE ntp子系统未授权访问漏洞的补丁

Patch Description

Cisco IOS是多数思科系统路由器和网络交换机上使用的互联网络操作系统。 Cisco IOS/Cisco IOS XE Software未能有效检查某些ntp报文，可使远程攻击者注入恶意报文到ntp后台程序，控制受影响设备。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Cisco已经为此发布了一个安全公告（cisco-sa-20160419-ios）以及相应补丁链接： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios

Impacted products

Name
['Cisco IOS', 'Cisco IOS XE Software']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1384"
    }
  },
  "description": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS/Cisco IOS XE Software\u672a\u80fd\u6709\u6548\u68c0\u67e5\u67d0\u4e9bntp\u62a5\u6587\uff0c\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u6ce8\u5165\u6076\u610f\u62a5\u6587\u5230ntp\u540e\u53f0\u7a0b\u5e8f\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u8bbe\u5907\u3002",
  "discovererName": "Han Sahin",
  "formalWay": "Cisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20160419-ios\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01\u94fe\u63a5\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02442",
  "openTime": "2016-04-21",
  "patchDescription": "Cisco IOS\u662f\u591a\u6570\u601d\u79d1\u7cfb\u7edf\u8def\u7531\u5668\u548c\u7f51\u7edc\u4ea4\u6362\u673a\u4e0a\u4f7f\u7528\u7684\u4e92\u8054\u7f51\u7edc\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco IOS/Cisco IOS XE Software\u672a\u80fd\u6709\u6548\u68c0\u67e5\u67d0\u4e9bntp\u62a5\u6587\uff0c\u53ef\u4f7f\u8fdc\u7a0b\u653b\u51fb\u8005\u6ce8\u5165\u6076\u610f\u62a5\u6587\u5230ntp\u540e\u53f0\u7a0b\u5e8f\uff0c\u63a7\u5236\u53d7\u5f71\u54cd\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IOS/Cisco IOS XE ntp\u5b50\u7cfb\u7edf\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS",
      "Cisco IOS XE Software"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-20",
  "title": "Cisco IOS/Cisco IOS XE ntp\u5b50\u7cfb\u7edf\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2016-1384 (GCVE-0-2016-1384)

Vulnerability from cvelistv5

Published

2016-04-20 17:00

Modified

2024-08-05 22:55

Severity ?

CWE

Summary

The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.

References

URL

Tags

	http://www.securityfocus.com/bid/86685	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1035622	vdb-entry, x_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160419-ios	vendor-advisory, x_refsource_CISCO