Resolve NTP vulnerability on AirWave

Aruba Employee

Introduction: This article explains how to resolve the NTP vulnerability on AirWave.


Configuration Steps: A Nessus scan run against AirWave may report the following information.

The remote network time service could be used for network reconnaissance or abused in a distributed denial of service attack.

The version of ntpd on the remote host has the 'monlist' command enabled. This command returns a list of recent
hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed
source IP, a distributed denial of service attack.

See Also

If using NTP from the Network Time Protocol Project, either upgrade to NTP 4.2.7-p26 or later, or add 'disable monitor' to the 'ntp.conf' configuration file and restart the service. Otherwise, contact the vendor.

Risk Factor
CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score: 4.3 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
BID: 64692
CVE: CVE-2013-5211
XREF: CERT:348126
Plugin Information: Publication date: 2014/01/02, Modification date: 2014/01/13

Nessus was able to retrieve the following list of recent hosts to
connect to this NTP server

How can we fix this?

Log in to the AirWave CLI as root and add the following line to /etc/ntp.conf:
  restrict default noquery
Then restart ntpd (service ntpd restart).
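
To confirm the edit took effect in the file before restarting, the following added example (not part of the original article and not AirWave tooling) reports which of the two mitigations named above, 'disable monitor' or a 'restrict default' rule with noquery, is active in an ntp.conf. The function name and status strings are made up for this example; it also treats the standard 'ignore' restrict flag as blocking queries.

```shell
#!/bin/sh
# Added example (not AirWave tooling): report which monlist mitigation, if any,
# an ntp.conf contains. The function name and status strings are made up here.

ntp_monlist_status() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/#.*/, "") }                      # ignore comments, incl. commented-out fixes
        $1 == "disable" {                       # e.g. "disable monitor" or "disable auth monitor"
            for (i = 2; i <= NF; i++) if ($i == "monitor") dm = 1
        }
        $1 == "restrict" {                      # e.g. "restrict -6 default kod noquery"
            isdef = 0; blocked = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "default") isdef = 1
                # noquery refuses ntpq/ntpdc queries; ignore refuses every packet
                if ($i == "noquery" || $i == "ignore") blocked = 1
            }
            if (isdef && blocked)  rd = 1
            if (isdef && !blocked) gap = 1      # a default rule that still answers queries
        }
        END {
            if (dm)              print "disable-monitor"
            else if (rd && !gap) print "restrict-noquery"
            else                 print "unmitigated"
        }
    ' "$conf"
}

# Stand-alone use: sh check_ntp_conf.sh /etc/ntp.conf
if [ $# -gt 0 ]; then
    ntp_monlist_status "$1"
fi
```

The check only reads the configuration file; it says nothing about the running ntpd version, so a host already on NTP 4.2.7-p26 or later can report "unmitigated" and still be unaffected.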


Version history
Revision #: 1 of 1
Last update: 07-04-2014 03:07 AM