Home/Support / Knowledge Base / Is the NET+OS development environment vulnerable to CVE-2014-9296

Is the NET+OS development environment vulnerable to CVE-2014-9296

Problem: According to site https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296,
"The receive function in ntp_proto.c in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association via crafted packet."

Analysis: The NET+OS development environment does not use the NTP (SNTP) referenced in the CV notice. Thus the NET+OS development environment is not vulnerable to this CVE-2014-9296.

Customer Actions: No customer actions are required.

Citations:
Vulnerability Summary for CVE-2014-9296. NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296
 
Last updated: Aug 08, 2017

Recently Viewed Articles

No recently viewed articles
Contact a Digi expert and get started today! Contact Us