Our SecureSync 1200 and NetClock 9400 line of products have an internal compact flash (CF) card which handles the day to day logging of critical operations within your appliance. As more and more operations occur and logging functions increase, CF cards can wear-out over time and require a replacement to maintain their logging capabilities.

Spectracom products are only susceptible if an attacker can successfully authenticate with the product and gain command line shell access. Malware is required to be run locally within the system to exploit these vulnerabilities. Spectracom recommends following good security practices, including applying software updates containing the latest security patches as they become available, and applying policies and settings that protect and limit access to authorized and trusted users. We are working to update our operating systems and software as they become available to resolve these potential vulnerabilities within the affected products. We will update this bulletin as new information becomes available.

New shipments of the SecureSync Time & Frequency Synchronization Platform, including NetClock 9400 Series Time Servers, include an upgraded version of the core processing module. The new version will provide users with faster processing speeds and enhanced memory functionality. The new processor requires at least version 5.7.0 of the firmware.

Spectracom products running LINUX are only susceptible if an attacker is able to successfully authenticate with the product and gain shell access. This Linux vulnerability can only be exploited if an attacker is able to successfully authenticate with the product and gain shell access. We eliminated the vulnerability in the 5.7.0 release for SecureSync and NetClock 9400.

Several vulnerabilities were recently reported in ntpd currently used in application software version 5.6.0 or below. The 5.7.0 release resolves these vulnerabilities with the update to NTP version 4.2.8p10.

When GPS started broadcasting the leap second notification on July 19, 2016 for activation on Dec 31, some GPS timing receivers erroneously inserted the leap second resulting in a 1 second time error.

Spectracom SecureSync and NetClock 9400 units need a certain amount of free space on its compact flash memory. A bug in version 5.0.2 continuously creates log entries during normal operation which over a long period of time will consume memory that will compromise correct operation of the unit.

When performing a software upgrade, a SecureSync or NetClock 9400 requires additional disk space. It is recommended to ensure memory usage is less than 70% before upgrading. If memory usage is more than 70%, save and delete logs and previous update files