ID

VAR-201407-0373


CVE

CVE-2014-3309


TITLE

NTP vulnerability in Cisco IOS and IOS XE that bypasses time synchronization restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2014-003293

DESCRIPTION

The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318. The vendor has confirmed this vulnerability and released it as Bug ID CSCuj66318. A third party may be able to bypass time synchronization restrictions via standard queries. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Cisco IOS and IOS XE Software are prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass the security restrictions, access information and cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCuj66318. The vulnerability is caused by the incorrect implementation of the ntp access-group command in the program.

Trust: 2.52

sources: NVD: CVE-2014-3309 // JVNDB: JVNDB-2014-003293 // CNVD: CNVD-2014-04227 // BID: 68463 // VULHUB: VHN-71249

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-04227

AFFECTED PRODUCTS

vendor: cisco, model: ios, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: ios, scope: lte, version: 15.4(1)t

Trust: 0.8

vendor: cisco, model: ios xe, scope: lte, version: 3.11s(.2)

Trust: 0.8

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios, scope: -, version: -

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2014-04227 // BID: 68463 // JVNDB: JVNDB-2014-003293 // CNNVD: CNNVD-201407-231 // NVD: CVE-2014-3309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3309
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3309
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-04227
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201407-231
value: MEDIUM

Trust: 0.6

VULHUB: VHN-71249
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3309
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-04227
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-71249
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-04227 // VULHUB: VHN-71249 // JVNDB: JVNDB-2014-003293 // CNNVD: CNNVD-201407-231 // NVD: CVE-2014-3309

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-71249 // JVNDB: JVNDB-2014-003293 // NVD: CVE-2014-3309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-231

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201407-231

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003293

PATCH

title: Cisco IOS Software and Cisco IOS XE Software NTP Access Group Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309

Trust: 0.8

title: 34884, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=34884

Trust: 0.8

title: Patches for NTP Access Group Vulnerabilities in Cisco IOS and IOS XE Software, url: https://www.cnvd.org.cn/patchInfo/show/47381

Trust: 0.6

sources: CNVD: CNVD-2014-04227 // JVNDB: JVNDB-2014-003293

EXTERNAL IDS

db: NVD, id: CVE-2014-3309

Trust: 3.4

db: BID, id: 68463

Trust: 2.0

db: SECTRACK, id: 1030549

Trust: 1.1

db: JVNDB, id: JVNDB-2014-003293

Trust: 0.8

db: CNNVD, id: CNNVD-201407-231

Trust: 0.7

db: CNVD, id: CNVD-2014-04227

Trust: 0.6

db: VULHUB, id: VHN-71249

Trust: 0.1

sources: CNVD: CNVD-2014-04227 // VULHUB: VHN-71249 // BID: 68463 // JVNDB: JVNDB-2014-003293 // CNNVD: CNNVD-201407-231 // NVD: CVE-2014-3309

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3309

Trust: 2.6

url:http://www.securityfocus.com/bid/68463

Trust: 1.1

url:http://www.securitytracker.com/id/1030549

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/94420

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3309

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3309

Trust: 0.8

url:http://www.cisco.com/public/sw-center/sw-ios.shtml

Trust: 0.3

sources: CNVD: CNVD-2014-04227 // VULHUB: VHN-71249 // BID: 68463 // JVNDB: JVNDB-2014-003293 // CNNVD: CNNVD-201407-231 // NVD: CVE-2014-3309

CREDITS

Cisco

Trust: 0.3

sources: BID: 68463

SOURCES

db: CNVD, id: CNVD-2014-04227
db: VULHUB, id: VHN-71249
db: BID, id: 68463
db: JVNDB, id: JVNDB-2014-003293
db: CNNVD, id: CNNVD-201407-231
db: NVD, id: CVE-2014-3309

LAST UPDATE DATE

2025-04-13T23:25:23.693000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-04227, date: 2014-07-11T00:00:00
db: VULHUB, id: VHN-71249, date: 2017-08-29T00:00:00
db: BID, id: 68463, date: 2014-07-08T00:00:00
db: JVNDB, id: JVNDB-2014-003293, date: 2014-07-10T00:00:00
db: CNNVD, id: CNNVD-201407-231, date: 2014-07-10T00:00:00
db: NVD, id: CVE-2014-3309, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-04227, date: 2014-07-11T00:00:00
db: VULHUB, id: VHN-71249, date: 2014-07-09T00:00:00
db: BID, id: 68463, date: 2014-07-08T00:00:00
db: JVNDB, id: JVNDB-2014-003293, date: 2014-07-10T00:00:00
db: CNNVD, id: CNNVD-201407-231, date: 2014-07-10T00:00:00
db: NVD, id: CVE-2014-3309, date: 2014-07-09T11:07:01.447