Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2013.1313
Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
19 September 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Prime DCNM
Publisher: Cisco Systems
Operating System: Windows Server 2008
Red Hat Enterprise Linux Server 5
Virtualisation
Cisco
Impact/Access: Root Compromise -- Remote/Unauthenticated
Administrator Compromise -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-5490 CVE-2013-5487 CVE-2013-5486
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
Advisory ID: cisco-sa-20130918-dcnm
Revision 1.0
For Public Release 2013 September 18 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.
Cisco Prime DCNM is affected by the following vulnerabilities:
Cisco Prime DCNM Information Disclosure Vulnerability
Cisco Prime DCNM Remote Command Execution Vulnerabilities
Cisco Prime DCNM XML External Entity Injection Vulnerability
Cisco has released free software updates that address these vulnerabilities. There are currently no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
iF4EAREKAAYFAlI5sEcACgkQUddfH3/BbTo9DQD+Mm2vPADrFs+6ZKRVdtyRmfKl
1dAoJ31/KIf8LdIJZ3AA/RMCA/I9eXnVEWNdnAn4mB01WxekgqqPP0l8pCwLONAs
=HT2Y
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUjp4CBLndAQH1ShLAQIhrw//dv/xj3NGOAbaNJG0w8JLzGIKxLpRs5g1
IhgbPSMXkLmN5CMXQxLyywz29CtQvmkotpr+WKW74cq0XFpya+aq9u+YySL6LO5B
gLDWY2ArMtZWdw4mZ37+v4/zaOpZY48s/XoNYh3UyQjnRsZIKufSHFfeh3DiahHf
wM+HQhHha3jxcS0/hCqtLd/wojvVxdnSCv1vHkWthP/2AVNi0mb0aUEi33qE81N7
dbd4M5coYsUl+75gE3e1k00DnZFSrBxBR/tBeoOjAzSyV6XEnWDaIQxZBO8shg6d
8JAV5YPuiuJKnVbjGCnp6uEkQ8cWRS1y3m5BHNmg38PdZauf9iGsGUEZ+M3gCKYQ
KW7dVTht65bXLklFQbizYS9O0/WsPgVC3eoR07ogLS0sODLIYRLmucNGcd8RZZwI
AZ43gXArr5QLRMFM5mEixPejPhrrqfnWPlrqorMte3ac5LmqN1ZChHS/M1Qv/aAv
txCTPk8IunB7PV7W7a8ozosh2ZHeR+DGonRQ7zY6O7mLt43vkH+L8kMOoctJWIdr
wvQ2MawN2tFDGQS3ZO+7sRRinD59QGu7+nBZ7Usz8YokyaGBE/YEfXc/m3qD2P1E
PrR+vYsnv8d7rjPAMFjea9taRoFEyhuJGiQmADzpA6jiwoC5f46AKWs/OnPltrM5
QrQae0Y5ztE=
=Xl36
-----END PGP SIGNATURE-----