Brian Utterback

**Name of the Vulnerable Software and Affected Versions** NTP versions prior to 4.2.8p9 **Description** The issue is related to the initial sync calculations in NTP, which could allow remote attackers to have an unspecified impact via unknown vectors. This is due to a "root distance that did not include the peer dispersion." Multiple vulnerabilities in the NTP daemon package could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as an NTP server. **Recommendations** For NTP versions prior to 4.2.8p9, update to version 4.2.8p9 or later to resolve the issue. As a temporary workaround, consider restricting access to NTP services to minimize the risk of exploitation. Additionally, workarounds may be available and are documented in the Cisco bug for each affected product.