Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability
Cisco-SA-20150408-CVE-2015-1798 · Medium · Published · Updated
A vulnerability in the Network Time Protocol (NTP) daemon could allow an unauthenticated, adjacent attacker to bypass authentication mechanisms and access an affected system. The vulnerability is due to incorrect validation of the message authentication code (MAC) field. An attacker could exploit this vulnerability by sending unauthenticated NTP packets to an NTP host that is configured with symmetric key authentication. An exploit could allow the attacker to inject NTP packets to the NTP host without knowing the NTP symmetric key. NTP.org has released a security notice and software updates to address the vulnerability. To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted packets to the affected system. This access requirement limits the likelihood of a successful exploit. The vulnerability is exploitable only on an application that is configured with the symmetric key authentication mechanism. Authentication using autokey is not affected.
Administrators are advised to apply the appropriate updates.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators are advised to monitor affected systems.
The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: Identifying and Mitigating Multiple Vulnerabilities in Network Time Protocolhttp://tools.cisco.com/security/center/viewAMBAlert.x?alertId=36857