===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2013.1313
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
19 September 2013

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco Prime DCNM
Publisher:         Cisco Systems
Operating System:  Windows Server 2008
                   Red Hat Enterprise Linux Server 5
                   Virtualisation
                   Cisco
Impact/Access:     Root Compromise          -- Remote/Unauthenticated
                   Administrator Compromise -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-5490 CVE-2013-5487 CVE-2013-5486

Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data
Center Network Manager

Advisory ID: cisco-sa-20130918-dcnm

Revision 1.0

For Public Release 2013 September 18 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Prime Data Center Network Manager (DCNM) contains multiple
vulnerabilities that could allow an unauthenticated, remote attacker to
disclose file components, and access text files on an affected device.
Various components of Cisco Prime DCNM are affected. These vulnerabilities
can be exploited independently on the same device; however, a release that
is affected by one of the vulnerabilities may not be affected by the
others.

Cisco Prime DCNM is affected by the following vulnerabilities:

    Cisco Prime DCNM Information Disclosure Vulnerability
    Cisco Prime DCNM Remote Command Execution Vulnerabilities
    Cisco Prime DCNM XML External Entity Injection Vulnerability

Cisco has released free software updates that address these
vulnerabilities. There are currently no workarounds that mitigate these
vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the
information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================