Problem: A vulnerability was discovered in certain SNTP implementations, specifically according to the following web site:https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9293,
"The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via brute-force attack.
Analysis: The NTP(SNTP) implementation in the NET+OS development environment, does not use SSL in its sending and receiving of packets. Thus the NET+OS development environment is not vulnerable to CVE-2014-9293.
Customer actions: No customer action is required.
Citations:
"Vulnerability Summary for CVE-2014-9293". NIST, National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9293
Last updated:
Jun 21, 2019