Hi,
the latest newsletter contained the advisory cisco-sa-20161123-ntpd. I tried to fetch it with the REST API call /advisories/cvrf/advisory/<advisory-id> but the server returns a 406 error code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HI Stefan,
Thank you for bringing this into our attention. I have the development team looking at this now. It appears to be only for that advisory, but Cisco is investigating now.
Thanks again!
Omar
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi Stefan,
The issue has been fixed. You should now be able to pull the information about that advisory:
{
"advisoryId": "cisco-sa-20161123-ntpd",
"advisoryTitle": "Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016",
"bugIDs": [
"NA"
],
"cves": [
"CVE-2015-8138",
"CVE-2016-7426",
"CVE-2016-7427",
"CVE-2016-7428",
"CVE-2016-7429",
"CVE-2016-7431",
"CVE-2016-7433",
"CVE-2016-7434",
"CVE-2016-9310",
"CVE-2016-9311",
"CVE-2016-9312"
],
"cvssBaseScore": "NA",
"cwe": [
"CWE-119",
"CWE-20",
"CWE-399"
],
"firstPublished": "2016-11-23T16:00:00-0600",
"lastUpdated": "2016-11-28T14:53:04-0600",
"productNames": [
"NA"
],
"publicationUrl": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd",
"sir": "Medium",
"summary": "Multiple Cisco products incorporate a version of the Network Time Protocol daemon (ntpd) package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or modify the time being advertised by a device acting as a Network Time Protocol (NTP) server.\n<br />\n<br />\nOn November 21, 2016, the NTP Consortium of the Network Time Foundation released a security notice that details ten issues regarding DoS vulnerabilities and logic issues that may allow an attacker to shift a system's time.\n<br />\n<br />\nThe new vulnerabilities disclosed in this document are as follows:<br />\n<ul>\n <li>Network Time Protocol Trap Service Denial of Service Vulnerability</li>\n <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li>\n <li>Network Time Protocol Broadcast Mode Denial of Service Vulnerability</li>\n <li>Network Time Protocol Insufficient Resource Pool Denial of Service Vulnerability</li>\n <li>Network Time Protocol Configuration Modification Denial of Service Vulnerability</li>\n <li>Network Time Protocol mrulist Query Requests Denial of Service Vulnerability</li>\n <li>Network Time Protocol Multiple Binds to the Same Port Vulnerability</li>\n <li>Network Time Protocol Rate Limiting Denial of Service Vulnerability</li>\n</ul>\n<div>As well as:<br />\n<ul>\n <li>Regression of CVE-2015-8138</li>\n <li>Network Time Protocol Reboot sync calculation problem</li>\n</ul>\n</div>\nAdditional details about each vulnerability are in the <a href=\"http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se\">NTP Consortium Security Notice</a>.<br />\n<br />\nWorkarounds that address one or more of these vulnerabilities may be available and will be documented in the Cisco bug for each affected product.\n<br />\n<br />\nThis advisory is available at the following link:<br />\n<a href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd</a>"
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Comments
0 comments
Please sign in to leave a comment.