Cisco Prime Security Manager Log Retention DoS (cisco-sa-20120912-asacx)

Severity: High, Nessus Plugin ID 62182

Synopsis

The management application running on the remote host is affected by a denial of service vulnerability.

Description

According to its self-reported version number, the version of Cisco Prime Security Manager running on the remote host is affected by a denial of service vulnerability. Making unspecified requests can cause log files to exhaust the /var/log partition. A remote, unauthenticated attacker can exploit this to make the system unresponsive.

Solution

Upgrade to Cisco Prime Security Manager 9.0.2-103 or later.

See Also

http://www.nessus.org/u?f1947679

http://www.nessus.org/u?ac18b3cf

Plugin Details

Severity: High

ID: 62182

File Name: cisco_log_retention_dos.nasl

Version: 1.13

Type: remote

Family: CGI abuses

Published: 9/18/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:cisco:prime_security_manager

Required KB Items: installed_sw/Cisco PRSM

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2012

Vulnerability Publication Date: 9/12/2012

Reference Information

CVE: CVE-2012-4629

BID: 55515

CISCO-SA: cisco-sa-20120912-asacx

CISCO-BUG-ID: CSCub70603