Date: 09 May 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.1048.2
Cisco Prime Data Center Network Manager Remote Command
Execution Vulnerability
9 May 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product:           Cisco Prime Data Center Network Manager
Publisher:         Cisco Systems
Operating System:  Windows
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5417
Revision History:  May 9 2013: Cisco found that an additional component of
                               DCNM was also affected by the previous CVE
                   November 1 2012: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote
Command Execution Vulnerability
Advisory ID: cisco-sa-20121031-dcnm
Revision 2.0
Last Updated 2013 May 08 16:00 UTC (GMT)
For Public Release 2012 October 31 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco Prime Data Center Network Manager (DCNM) contains a remote command
execution vulnerability that could allow an unauthenticated, remote
attacker to execute arbitrary commands on the computer that is running
the Cisco Prime DCNM application.
Cisco has released free software updates that address this
vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm
Note: After this advisory was initially published, it was found
that in addition to the DCNM SAN server component that is part of
the DCNM solution, the DCNM LAN server is also affected by the same
vulnerability. This advisory has been updated to revision 2.0 to
indicate that the DCNM LAN server component is also vulnerable, to
provide the Cisco bug ID that tracks the vulnerability in the DCNM LAN
server component, and to update fixed software information.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iF4EAREIAAYFAlGKc/0ACgkQUddfH3/BbTr51AD/e7nVceiqF36VT7LQ5YmcjMax
RMkX04N8wsdOgdZRyXkA+gMSU94ERrtaerlOHWlBBnhmFnLNcXYyCuS9Suobtcvc
=eECl
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================