CVE-2016-1384 — Cisco IOS vulnerability

CWE-2645 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 63.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco IOS XE

Timeline

PublishedApr 20

Latest updateMay 17

Description

The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/ios33 versions+32

▶NVDcisco/ios_xe154 versions+153

🔴Vulnerability Details

GHSA

GHSA-x2rg-98fw-rff3: The NTP implementation in Cisco IOS 15↗2022-05-17

▶

CVEList

CVE-2016-1384: The NTP implementation in Cisco IOS 15↗2016-04-20

▶

📋Vendor Advisories

Cisco

Cisco IOS and Cisco IOS XE ntp Subsystem Unauthorized Access Vulnerability↗2016-04-19

▶

💬Community

Bugzilla

CVE-2016-5009 Ceph monitor crash: mon_command crashes ceph monitors on receiving empty prefix↗2016-06-30

▶