PT-2015-7739 · Ntf+7 · Ntp+11
Jonathan Gardner · Published 2015-12-31 · Updated 2024-06-15 · CVE-2015-8138
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
NTP versions 4.2.8p6 and earlier, NTP versions 4.3.x before 4.3.90
NTP (affected versions not specified) in multiple Cisco products
Description
The issue allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero, potentially causing a denial of service (DoS) condition or modifying the time being advertised by a device acting as a Network Time Protocol (NTP) server. This vulnerability exposes the possibility of a logic error.
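The origin timestamp validation named in the description, written out as an added example (not code from ntpd or from this advisory): a client accepts a server reply only if its origin timestamp is non-zero and equals the transmit timestamp the client last sent. The function names, the verdict enum and the sample timestamp are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NTP_HDR_LEN 48   /* fixed NTP header, no extension fields */
#define OFF_ORIGIN  24   /* origin timestamp occupies bytes 24..31 */
#define MODE_SERVER 4

enum origin_verdict { ORIGIN_OK, ORIGIN_ZERO, ORIGIN_MISMATCH, NOT_SERVER_REPLY, TOO_SHORT };

/* Read a 64-bit big-endian NTP timestamp. */
static uint64_t be64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | p[i];
    return v;
}

/* sent_xmt: transmit timestamp this client put in its last request (hypothetical state). */
enum origin_verdict check_origin(const uint8_t *pkt, size_t len, uint64_t sent_xmt)
{
    if (len < NTP_HDR_LEN)
        return TOO_SHORT;
    if ((pkt[0] & 0x07) != MODE_SERVER)
        return NOT_SERVER_REPLY;
    uint64_t origin = be64(pkt + OFF_ORIGIN);
    if (origin == 0)          /* reject first, even if stored state is also zero */
        return ORIGIN_ZERO;
    return origin == sent_xmt ? ORIGIN_OK : ORIGIN_MISMATCH;
}

/* Constructed sample: build a mode-4 reply carrying `origin` and classify it. */
enum origin_verdict classify_sample(uint64_t origin, uint64_t sent_xmt)
{
    uint8_t pkt[NTP_HDR_LEN];
    memset(pkt, 0, sizeof pkt);
    pkt[0] = (4 << 3) | MODE_SERVER;   /* LI=0, VN=4, Mode=4 */
    for (int i = 0; i < 8; i++)
        pkt[OFF_ORIGIN + i] = (uint8_t)(origin >> (56 - 8 * i));
    return check_origin(pkt, sizeof pkt, sent_xmt);
}

int main(void)
{
    uint64_t sent = 0xDA2F4A1C80000000ULL;   /* constructed timestamp */
    printf("match=%d zero=%d mismatch=%d\n", classify_sample(sent, sent),
           classify_sample(0, sent), classify_sample(1, sent));
    return 0;
}
```

The zero test comes before the comparison so that a reply with a zero origin is dropped even when the client's stored transmit timestamp is itself zero.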
Recommendations
For NTP versions 4.2.8p6 and earlier, update to version 4.2.8p6 or later.
For NTP versions 4.3.x before 4.3.90, update to version 4.3.90 or later.
For NTP in multiple Cisco products, refer to the Cisco bug for each affected product for available workarounds.
As a temporary workaround, consider restricting access to the NTP service to minimize the risk of exploitation.
Exploit
Fix
DoS
RCE
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
CentOS
Cisco
Cisco IOS
Cisco IOS XE
Cisco IOS XR
Cisco Nexus
FreeBSD
NTP
Red Hat
SUSE
Ubuntu