- Home
- CVEs with nessus.description==According+to+its+self-reported+version+number%2C+the+Cisco+Prime+Data+Center+Network+Manager+%28DCNM%29+running+on+the+remote+host+is+affected+by+multiple+vulnerabilities+%3A%0A%0A++-+A+security+weakness+exists+due+to+the+config_auth%28%29+++++function+improperly+generating+default+keys+when+no+++++authentication+key+is+defined+in+the+%27ntp.conf%27+file.%0A++++Key+size+is+limited+to+31+bits+and+the+insecure+++++ntp_random%28%29+function+is+used%2C+resulting+in+++++cryptographically+weak+keys+with+insufficient+entropy.%0A++++This+allows+a+remote+attacker+to+defeat+cryptographic+++++protection+mechanisms+via+a+brute-force+attack.%0A++++%28CVE-2014-9293%29%0A%0A++-+A+security+weakness+exists+due+the+use+of+a+weak+seed+++++to+prepare+a+random+number+generator+used+to+generate+++++symmetric+keys.+This+allows+remote+attackers+to+defeat+++++cryptographic+protection+mechanisms+via+a+brute-force+++++attack.+%28CVE-2014-9294%29%0A%0A++-+Multiple+stack-based+buffer+overflows+exist+due+to+++++improperly+validated+user-supplied+input+when+handling+++++packets+in+the+crypto_recv%28%29%2C+ctl_putdata%28%29%2C+and+++++configure%28%29+functions+when+using+autokey+authentication.%0A++++This+allows+a+remote+attacker%2C+via+a+specially+crafted+++++packet%2C+to+cause+a+denial+of+service+condition+or+++++execute+arbitrary+code.+%28CVE-2014-9295%29%0A%0A++-+A+unspecified+vulnerability+exists+due+to+missing+return+++++statements+in+the+receive%28%29+function%2C+resulting+in+++++continued+processing+even+when+an+authentication+error+++++is+encountered.+This+allows+a+remote+attacker%2C+via+++++crafted+packets%2C+to+trigger+unintended+association+++++changes.+%28CVE-2014-9296%29%0A%0A++-+A+security+bypass+vulnerability+exists+in+the+function+++++read_network_packet%28%29+due+to+a+failure+to+restrict+%3A%3A1+++++source+addresses+on+IPv6+interfaces.+This+allows+a+++++remote+attacker+to+bypass+configured+ACLs+based+on+%3A%3A1.%0A++++%28CVE-2014-9298%29%0A%0AThis+plugin+determines+if+DCNM+is+vulnerable+by+checking+the+version+number+displayed+in+the+web+interface.+The+web+interface+is+not+available+in+older+versions+of+DCNM
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top