CVE-2016-1384

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.1 and 15.5 Cisco IOS XE versions 3.2 through 3.17

Description The issue is related to the NTP implementation, which allows remote attackers to modify the system time via crafted packets. This is due to missing authorization checks on certain NTP packets. An attacker could exploit this by sending malicious packets to the NTP daemon, potentially allowing them to control the time of the affected device.

Recommendations For Cisco IOS versions 15.1 and 15.5, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.2 through 3.17, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the NTP subsystem to minimize the risk of exploitation.