Problem: According to site https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296,
"The receive function in ntp_proto.c in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association via crafted packet."
Analysis: The NET+OS development environment does not use the NTP (SNTP) referenced in the CV notice. Thus the NET+OS development environment is not vulnerable to this CVE-2014-9296.
Customer Actions: No customer actions are required.
Citations:
Vulnerability Summary for CVE-2014-9296. NIST. National Vulnerability Database.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9296
Last updated:
Jun 21, 2019