In November 2016, the NTP project released an advisory that announced ten security issues (CVEs) of which one was rated high severity, and two were rated medium severity. This postaddresses the impact of these CVEs against NetScaler.
NetScaler uses a secure default setting for the underlying NTP server, which avoids all of these issues in this advisory. NTP may be further configured from the NetScaler root shell at /nsconfig/ntp.conf to achieve any required settings. In doing so, be sure that the setting does not unsafely expose your appliance to these, or other existing vulnerabilities.
A breakdown of the CVEs from the November advisory follows:
CVE-2016-9312 the only high severity CVE does not impact NetScaler since it pertains to windows systems only. NetScaler does not employ Windows.
CVE-2016-9311 does not impact NetScaler as NTP on NetScaler does not enable traps, using the notrap qualifier.
CVE-2016-9310 does not impact NetScaler since default settings ensure that incoming commands are restricted. Customers adding a new timeserver are recommended to add it as
Read the entire article here, November 2016 NTP Advisory and NetScaler
via the fine folks at Citrix Systems, Inc.