Cisco Prime Data Center Network Manager ntpd Multiple Vulnerabilities (uncredentialed check)

high Nessus Plugin ID 83876

Synopsis

A network management system on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Cisco Prime Data Center Network Manager (DCNM) running on the remote host is affected by multiple vulnerabilities:

- A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the 'ntp.conf' file. Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically weak keys with insufficient entropy. This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9293)

- A security weakness exists due to the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294)

- Multiple stack-based buffer overflows exist due to improperly validated user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication. This allows a remote attacker, via a specially crafted packet, to cause a denial of service condition or execute arbitrary code. (CVE-2014-9295)

- An unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via crafted packets, to trigger unintended association changes. (CVE-2014-9296)

- A security bypass vulnerability exists in the function read_network_packet() due to a failure to restrict ::1 source addresses on IPv6 interfaces. This allows a remote attacker to bypass configured ACLs based on ::1. (CVE-2014-9298)

This plugin determines if DCNM is vulnerable by checking the version number displayed in the web interface. The web interface is not available in older versions of DCNM.

Solution

Upgrade to Cisco Prime Data Center Network Manager 7.1(2) or later.

See Also

http://www.nessus.org/u?292ffa4a

Plugin Details

Severity: High

ID: 83876

File Name: cisco-sa-20141222-ntpd-prime_dcnm.nasl

Version: 1.7

Type: remote

Family: CISCO

Published: 5/28/2015

Updated: 11/15/2018

Dependencies: cisco_prime_dcnm_web_detect.nasl

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:prime_data_center_network_manager

Required KB Items: installed_sw/cisco_dcnm_web, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 3/31/2015

Vulnerability Publication Date: 12/19/2014

Reference Information

CVE: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296, CVE-2014-9298

BID: 71757, 71758, 71761, 71762, 72583, 72584

CISCO-BUG-ID: CSCus27527, CSCus88284

CISCO-SA: cisco-sa-20141222-ntpd

CERT: 852879