CVE-2014-3309 Information

Description

The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a \deny all\ configuration which allows remote attackers to bypass intended restrictions on time synchronization via a standard query aka Bug ID CSCuj66318.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3309 http://www.securityfocus.com/bid/68463 http://www.securitytracker.com/id/1030549 https://exchange.xforce.ibmcloud.com/vulnerabilities/94420