- Home
- CVEs with nessus.description==According to its self-reported version number, the version of Cisco
Prime Security Manager running on the remote host is prior to 9.3.3.2.
It is, therefore, affected by multiple vulnerabilities in the bundled
NTP libraries :
- A security weakness exists due to the config_auth()
function improperly generating default keys when no
authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure
ntp_random() function is used, resulting in
cryptographically-weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic
protection mechanisms via a brute-force attack.
(CVE-2014-9293)
- A security weakness exists due the use of a weak seed
to prepare a random number generator used to generate
symmetric keys. This allows remote attackers to defeat
cryptographic protection mechanisms via a brute-force
attack. (CVE-2014-9294)
- Multiple stack-based buffer overflows exist due to
improperly validated user-supplied input when handling
packets in the crypto_recv(), ctl_putdata(), and
configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted
packet, to cause a denial of service condition or
execute arbitrary code. (CVE-2014-9295)
- A unspecified vulnerability exists due to missing return
statements in the receive() function, resulting in
continued processing even when an authentication error
is encountered. This allows a remote attacker, via
crafted packets, to trigger unintended association
changes. (CVE-2014-9296)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top