Spectracom - Essential Ingenuity

NTP Vulnerabilities Prior to Version 4.2.8p10

Question

When will SecureSync and NetClock 9400 be updated to NTP version 4.2.8p10

Answer

Several vulnerabilities were recently reported in ntpd currently used in SecureSync and NetClock 9400 application software version 5.6.0 or below. Several high severity vulnerabilities relate to Windows installations and some unused reference clock drivers and does not effect Spectracom products. Two high severity vulnerabilities (CVE-2017-6460 and CVE-2017-6458) relates to ntpq queries and can be mitigated in affected versions by disabling remote ntpq queries until a patched release is available. Several other vulnerabilities also do not apply or are mitigated by other network security mechanisms. Contact Spectracom for details.

It is expected that Spectracom products will be updated to NTP version 4.2.8p10 in the April 5.7.0 release

Was this information helpful?

 Yes  No