Cisco Prime LAN Management Solution ntpd Multiple Vulnerabilities

High Nessus Plugin ID 83877

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

A network management system on the remote host is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Cisco Prime LAN Management Solution running on the remote host is affected by multiple vulnerabilities :

- A security weakness exists due to the config_auth() function improperly generating default keys when no authentication key is defined in the 'ntp.conf' file.
Key size is limited to 31 bits and the insecure ntp_random() function is used, resulting in cryptographically weak keys with insufficient entropy.
This allows a remote attacker to defeat cryptographic protection mechanisms via a brute-force attack.
(CVE-2014-9293)

- A security weakness exists due the use of a weak seed to prepare a random number generator used to generate symmetric keys. This allows remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. (CVE-2014-9294)

- Multiple stack-based buffer overflows exist due to improperly validated user-supplied input when handling packets in the crypto_recv(), ctl_putdata(), and configure() functions when using autokey authentication.
This allows a remote attacker, via a specially crafted packet, to cause a denial of service condition or execute arbitrary code. (CVE-2014-9295)

- A unspecified vulnerability exists due to missing return statements in the receive() function, resulting in continued processing even when an authentication error is encountered. This allows a remote attacker, via crafted packets, to trigger unintended association changes. (CVE-2014-9296)

Solution

Upgrade to Cisco Prime LMS 4.2(5.3) or later.

See Also

http://www.nessus.org/u?292ffa4a

Plugin Details

Severity: High

ID: 83877

File Name: cisco_prime_lms_sa-20141222-ntpd.nasl

Version: 1.7

Type: remote

Family: CISCO

Published: 2015/05/28

Updated: 2018/11/15

Dependencies: 64789

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:prime_lan_management_solution

Required KB Items: www/cisco_lms, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/04/01

Vulnerability Publication Date: 2014/12/19

Reference Information

CVE: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296

BID: 71757, 71758, 71761, 71762

CISCO-BUG-ID: CSCus27300

CISCO-SA: cisco-sa-20141222-ntpd

CERT: 852879