- Home
- CVEs with nessus.description==According to its self-reported version number, the Cisco Prime Data
Center Network Manager (DCNM) running on the remote host is affected
by multiple vulnerabilities :
- A security weakness exists due to the config_auth()
function improperly generating default keys when no
authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure
ntp_random() function is used, resulting in
cryptographically weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic
protection mechanisms via a brute-force attack.
(CVE-2014-9293)
- A security weakness exists due the use of a weak seed
to prepare a random number generator used to generate
symmetric keys. This allows remote attackers to defeat
cryptographic protection mechanisms via a brute-force
attack. (CVE-2014-9294)
- Multiple stack-based buffer overflows exist due to
improperly validated user-supplied input when handling
packets in the crypto_recv(), ctl_putdata(), and
configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted
packet, to cause a denial of service condition or
execute arbitrary code. (CVE-2014-9295)
- A unspecified vulnerability exists due to missing return
statements in the receive() function, resulting in
continued processing even when an authentication error
is encountered. This allows a remote attacker, via
crafted packets, to trigger unintended association
changes. (CVE-2014-9296)
- A security bypass vulnerability exists in the function
read_network_packet() due to a failure to restrict ::1
source addresses on IPv6 interfaces. This allows a
remote attacker to bypass configured ACLs based on ::1.
(CVE-2014-9298)
This plugin determines if DCNM is vulnerable by checking the version
number displayed in the web interface. The web interface is not
available in older versions of DCNM.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top