CVE-2014-3309

Name of the Vulnerable Software and Affected Versions Cisco IOS and IOS XE (affected versions not specified)

Description The issue is related to the improper implementation of the ntp access-group command in certain Cisco IOS Software and Cisco IOS XE Software versions. This allows an unauthenticated, remote attacker to bypass the configured Network Time Protocol (NTP) access group and query the affected NTP-configured server for the time. The vulnerability can be exploited by sending NTP query packets to an affected NTP server configured to deny all requests. The attacker must have access to trusted, internal networks behind a firewall to send NTP query packets to the system, which may decrease the likelihood of a successful exploit.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.