ESB-2012.1048.2 - UPDATE [Win][Linux] Cisco Prime Data Center Network Manager: Execute arbitrary code/commands - Remote/unauthenticated
Date: 09 May 2013
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                             ESB-2012.1048.2
     Cisco Prime Data Center Network Manager Remote Command Execution
                              Vulnerability
                               9 May 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Prime Data Center Network Manager
Publisher:         Cisco Systems
Operating System:  Windows
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5417

Revision History:  May       9 2013: Cisco found that an additional component
                                     of DCNM was also affected by the
                                     previous CVE
                   November  1 2012: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote
Command Execution Vulnerability

Advisory ID: cisco-sa-20121031-dcnm

Revision 2.0

Last Updated 2013 May 08 16:00 UTC (GMT)

For Public Release 2012 October 31 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco Prime Data Center Network Manager (DCNM) contains a remote command
execution vulnerability that could allow an unauthenticated, remote
attacker to execute arbitrary commands on the computer that is running
the Cisco Prime DCNM application.

Cisco has released free software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm

Note: After this advisory was initially published, it was found that in
addition to the DCNM SAN server component that is part of the DCNM
solution, the DCNM LAN server is also affected by the same vulnerability.
This advisory has been updated to revision 2.0 to indicate that the DCNM
LAN server component is also vulnerable, to provide the Cisco bug ID that
tracks the vulnerability in the DCNM LAN server component, and to update
fixed software information.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
http://www.auscert.org.au/render.html?cid=1980&it=16538