Release Notes

Release Notes for Cisco TelePresence System Software Release 1.10
Caveats in the CTS 1.10 Releases
CSCuz44368
Symptom Cisco TelePresence 1310; Cisco TelePresence System 1000; Cisco TelePresence System 1100;
Cisco TelePresence System 1300; Cisco TelePresence System 3000 Series; Cisco TelePresence
System 500-32; Cisco TelePresence System 500-37; Cisco TelePresence TX 9000 Series include a
version of ntpd that is affected by the vulnerabilities identified by the following Common
Vulnerabilities and Exposures (CVE) IDs:
CVE-2016-1551, CVE-2016-2516, CVE-2016-2517, CVE-2016-2518, CVE-2016-2519,
CVE-2015-8138, CVE-2016-1550, CVE-2015-7704, CVE-2016-1547, CVE-2016-1548,
CVE-2016-1549
These vulnerabilities are disclosed in
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd
This product is affected by one or more of the listed CVE IDs.
Conditions Device configured with NTP.
Cisco has reviewed and concluded that this product is affected by the following Common Vulnerabilities
and Exposures (CVE) IDs:
CVE-2016-2518 - Network Time Protocol Crafted addpeer With hmode > 7 Causes Array Wraparound With MATCH_ASSOC
CVE-2015-8138 - Network Time Protocol Zero Origin Timestamp Bypass
CVE-2016-1550 - Network Time Protocol Improve NTP Security Against Buffer Comparison Timing Attacks
CVE-2015-7704 - Network Time Protocol Original Fix For NTP Bug 2901 Broke Peer Associations
CVE-2016-1548 - Network Time Protocol Interleave-pivot Denial Of Service Vulnerability
CVE-2016-1549 - Network Time Protocol Sybil Vulnerability: Ephemeral Association Attack
CVE-2016-1551 - Network Time Protocol Refclock Impersonation Vulnerability
CVE-2016-2516 - Network Time Protocol Duplicate IPs On Unconfig Directives Will Cause An Assertion Botch In ntpd
CVE-2016-2519 - Network Time Protocol Remote ctl_getitem() Return Value Not Always Checked
CVE-2016-2517 - Network Time Protocol Remote Configuration Trustedkey/Requestkey/Controlkey Values Are Not Properly Validated
CVE-2016-1547 - Network Time Protocol CRYPTO-NAK Denial Of Service Vulnerability
Workaround Not available.
Further Problem Description
Additional details about those vulnerabilities can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal
CVSS scores as of the time of evaluation are: 6.4/5.3.
http://tools.cisco.com/security/center/cvssCalculator.x?version=2&vector=AV:N/AC:L/Au:N/C:N/I:P/A:P/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:L/IR:L/AR: