Executive Summary

TitleCisco IOS Software Precision Time Protocol Denial of Service Vulnerability
Namecisco-sa-20180926-ptpFirst vendor Publication2018-09-26
VendorCiscoLast vendor Modification2018-09-26
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time Protocol.

The vulnerability is due to insufficient processing of PTP packets. An attacker could exploit this vulnerability by sending a custom PTP packet to, or through, an affected device. A successful exploit could allow the attacker to cause a DoS condition for the PTP subsystem, resulting in time synchronization issues across the network.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ptp"]

This advisory is part of the September 26, 2018, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which includes 12 Cisco Security Advisories that describe 13 vulnerabilities. For a complete list of the advisories and links to them, see Cisco Event Response: September 2018 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication ["http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-69981"].


iQJ5BAEBAgBjBQJbq67YXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfczGkEQAIDU8Qlw5ZHd2onLHzx9GNU4XzaK 96J6WmKwhnwgI27a7qBRmBF6eWFq9HNa6eFmufau2Tjta90mMPjss4ayZVxs8fC5 v0j2x37wC4SfJhChH+Ut4Iz0WGHF3ILRiqoufPKTG+oTN9TOiO9YnB7tiywUyM4n VHtfEAW0C6SepSSEAoCi8GSgPBI99t2cgUaJ60TPOeuiN2IwrkbhJU9oAUvpr2Y2 ACFzrF9RB3BMIaXTBdAolC2OcGwGM6XnpbuhiKNvJBcFif1CdphJuY3O+3NzHEjZ /pSGkdOAHCKMbQF33A4RJpOx0rVCbCOFvDlUOWJAshJNwW+tjE63Ugc/QGmPp0jW XpHpoSDvalY73r0pdLUs+MyPiLvJTu7jm17Z03j0dO6bH46L0E4ki5K05pv/ppEs NUICFUUxFYdIKx7ZbyCzbz1flRF5JukY+joaXIB8C9X5tZxpI3sLdSWDJQIYhQ50 9FTtPC5M0iM/tCC8q2ZtTToJK/qy5Cw8qjTe2ua/aNFm7PeE2eLlZoh3lRgW2GlK FNhwRsUwXzROf7yFms8jvo4QMnsnTEUSK95YQj2gF2XQRbq37pa9NZR+UZDZKmvx V7kZi8ePE70SZVheYKEG6lDBSSoujvfgCXh1I9efiAIqiQtYgW6gg/oDsft/33zH 5Wt2HSNPSnQKpjy8 =e2fh END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

100 %CWE-399Resource Management Errors

CPE : Common Platform Enumeration


Nessus® Vulnerability Scanner

2018-10-05Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20180926-ptp.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
2019-01-07 21:21:26
  • Multiple Updates
2018-10-05 21:21:50
  • Multiple Updates
2018-09-26 21:19:07
  • First insertion