Vulnerability Description
The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | 15.1\(1\)s |
| Cisco | Ios Xe | 3.2.0ja |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/86685
- http://www.securitytracker.com/id/1035622
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/86685
- http://www.securitytracker.com/id/1035622
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2016-1384?
CVE-2016-1384 is a vulnerability with a CVSS score of 7.5 (HIGH). The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 through 3.17 allows remote attackers to modify the system time via crafted packets, aka Bug ID CSCux46898.
How severe is CVE-2016-1384?
CVE-2016-1384 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1384?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco Ios Xe.