CVE-2016-4955

Name of the Vulnerable Software and Affected Versions NTP versions 4.x before 4.2.8p8

Description The issue allows remote attackers to cause a denial of service by sending a spoofed crypto-NAK packet or a packet with an incorrect MAC value at a certain time when autokey is enabled. This can lead to peer-variable clearing and association outage. Multiple Cisco products that incorporate a version of the Network Time Protocol daemon package are affected, potentially allowing an unauthenticated, remote attacker to cause a denial of service condition or modify the time being advertised by a device acting as a Network Time Protocol server.

Recommendations For NTP versions 4.x before 4.2.8p8, update to version 4.2.8p8 or later to resolve the issue. As a temporary workaround, consider disabling the autokey feature until a patch is available. Restrict access to the NTP server to minimize the risk of exploitation. Avoid using the autokey feature in the affected NTP version until the issue is resolved.