CVE-2016-7433

Name of the Vulnerable Software and Affected Versions NTP versions prior to 4.2.8p9

Description The issue is related to the initial sync calculations in NTP, which could allow remote attackers to have an unspecified impact via unknown vectors. This is due to a "root distance that did not include the peer dispersion." Multiple vulnerabilities in the NTP daemon package could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as an NTP server.

Recommendations For NTP versions prior to 4.2.8p9, update to version 4.2.8p9 or later to resolve the issue. As a temporary workaround, consider restricting access to NTP services to minimize the risk of exploitation. Additionally, workarounds may be available and are documented in the Cisco bug for each affected product.