The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Prime Central for HCS

computer vulnerability announce CVE-2013-5562

Cisco Prime Central for HCS: denial of service via TCP

Synthesis of the vulnerability

An attacker can send a large quantity of TCP data to the ITM web interface of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 05/11/2013.
Identifiers: BID-63514, CSCuh36313, CVE-2013-5562, VIGILANCE-VUL-13707.

Description of the vulnerability

An attacker can send a large quantity of TCP data to the ITM web interface of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.

vulnerability bulletin CVE-2013-5564

Cisco Prime Central for HCS: denial of service via TCP

Synthesis of the vulnerability

An attacker can send a large quantity of TCP data to a Java process of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 04/11/2013.
Identifiers: BID-63490, CSCug57345, CVE-2013-5564, VIGILANCE-VUL-13693.

Description of the vulnerability

An attacker can send a large quantity of TCP data to a Java process of Cisco Prime Central for Hosted Collaboration Solution, in order to trigger a denial of service.

computer vulnerability note CVE-2013-3409

Cisco Prime Central for HCS: password disclosure

Synthesis of the vulnerability

A local attacker can read Cisco Prime Central for HCS logs, in order to obtain passwords, for example to access the database.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 10/10/2013.
Identifiers: BID-62924, CSCuh33735, CSCuh34230, CVE-2013-3409, VIGILANCE-VUL-13579.

Description of the vulnerability

The Cisco Prime Central for HCS product logs passwords.

However, access privileges to the temporary log file are not restricted.

A local attacker can therefore read Cisco Prime Central for HCS logs, in order to obtain passwords, for example to access the database.

vulnerability note CVE-2013-3473

Cisco Prime Central for Hosted Collaboration Solution Assurance: password disclosure

Synthesis of the vulnerability

An unauthenticated attacker can use Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to obtain the list of logins and passwords.
Impacted products: Cisco Prime Central for HCS.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading.
Provenance: intranet client.
Creation date: 18/09/2013.
Identifiers: BID-62489, CERTA-2013-AVI-533, cisco-sa-20130918-pc, CSCud32600, CVE-2013-3473, VIGILANCE-VUL-13444.

Description of the vulnerability

The Cisco Prime Central for HCS Assurance product offers a web service.

However, an attacker can use an HTTP query, in order to list user names and their passwords.

An unauthenticated attacker can therefore use Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to obtain the list of logins and passwords.

vulnerability announce CVE-2013-3387 CVE-2013-3388 CVE-2013-3389

Cisco Prime Central for HCS Assurance: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco Prime Central for HCS Assurance.
Impacted products: Cisco Prime Central for HCS.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 21/08/2013.
Identifiers: BID-61912, BID-61914, BID-61916, BID-61920, CERTA-2013-AVI-491, cisco-sa-20130821-hcm, CSCtz90114, CSCtz92776, CSCua42724, CSCub59158, CVE-2013-3387, CVE-2013-3388, CVE-2013-3389, CVE-2013-3390, VIGILANCE-VUL-13302.

Description of the vulnerability

Several vulnerabilities were announced in Cisco Prime Central for Hosted Collaboration Solution Assurance.

An attacker can create a memory leak via TCP, in order to trigger a denial of service. [severity:3/4; BID-61914, CSCub59158, CVE-2013-3390]

An attacker can create a memory leak via ports 61615/tcp and 61616/tcp, in order to trigger a denial of service. [severity:3/4; BID-61912, CSCtz90114, CVE-2013-3389]

An attacker can create a memory leak via the Ephemeral Java Port, in order to trigger a denial of service. [severity:3/4; BID-61916, CSCtz92776, CVE-2013-3388]

An attacker can fill the disk, in order to trigger a denial of service. [severity:3/4; BID-61920, CSCua42724, CVE-2013-3387]

vulnerability CVE-2013-3375

Cisco Prime Central: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Cisco Prime Central, in order to execute JavaScript code in the context of the web site.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 18/06/2013.
Identifiers: CSCue23798, CVE-2013-3375, VIGILANCE-VUL-12990.

Description of the vulnerability

Cisco Prime includes a Web portal.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Cisco Prime Central, in order to execute JavaScript code in the context of the web site.

computer vulnerability alert CVE-2013-1156 CVE-2013-1157 CVE-2013-1158

Cisco Prime Central for Hosted Collaboration Solution: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Cisco Prime Central for Hosted Collaboration Solution.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 02/05/2013.
Identifiers: BID-59632, BID-59635, BID-59696, BID-59697, BID-59702, CSCud51034, CSCud51068, CSCud54397, CSCud56706, CSCud56743, CVE-2013-1156, CVE-2013-1157, CVE-2013-1158, CVE-2013-1159, CVE-2013-1160, VIGILANCE-VUL-12746.

Description of the vulnerability

Several vulnerabilities were announced in Cisco Prime Central for Hosted Collaboration Solution.

An attacker can traverse a directory, in order to read a file. [severity:2/4; BID-59702, CSCud51034, CVE-2013-1156]

An attacker can trigger a Cross Site Scripting in the ITM Java Servlet Container, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59632, CSCud51068, CVE-2013-1157]

An attacker can trigger a Cross Site Scripting in ITM Help Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59635, CSCud54397, CVE-2013-1158]

An attacker can trigger a Cross Site Scripting in NCI Web Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59697, CSCud56706, CVE-2013-1159]

An attacker can trigger a Cross Site Scripting in OpenView Web Menus, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-59696, CSCud56743, CVE-2013-1160]

vulnerability announce CVE-2013-1174

Cisco Prime Central for HCS Assurance: denial of service via TBSM

Synthesis of the vulnerability

An attacker can send numerous packets to Cisco TBSM of Cisco Prime Central for HCS Assurance, in order to trigger a denial of service.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 08/04/2013.
Identifiers: BID-58907, CSCue03703, CVE-2013-1174, VIGILANCE-VUL-12612.

Description of the vulnerability

The Cisco Prime Central for HCS Assurance product uses Cisco Tivoli Business Service Manager (TBSM).

However, Cisco TBSM does not correctly process packets received on ports 17310-17542/tcp.

An attacker can therefore send numerous packets to Cisco TBSM of Cisco Prime Central for HCS Assurance, in order to trigger a denial of service.

vulnerability bulletin CVE-2013-1135

Cisco Prime Central for HCS Assurance: denial of service via TLS

Synthesis of the vulnerability

An attacker can send a malformed TLS message to Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to create an infinite loop.
Impacted products: Cisco Prime Central for HCS.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 27/02/2013.
Identifiers: 28034, BID-58206, CERTA-2013-AVI-157, cisco-sa-20130227-hcs, CSCuc07155, CVE-2013-1135, VIGILANCE-VUL-12473.

Description of the vulnerability

The Cisco Prime Central for Hosted Collaboration Solution Assurance product listens with TLS on ports 9043/tcp and 9443/tcp.

However, a special message triggers an infinite loop.

An attacker can therefore send a malformed TLS message to Cisco Prime Central for Hosted Collaboration Solution Assurance, in order to create an infinite loop.

computer vulnerability CVE-2006-2937 CVE-2006-2940 CVE-2006-3738

OpenSSL: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities have been discovered in OpenSSL, the worst one leading to code execution.
Impacted products: Arkoon FAST360, CiscoWorks, Cisco CSS, Cisco IPS, Cisco Prime Central for HCS, Secure ACS, WebNS, Debian, Fedora, FreeBSD, F-Secure AV, Tru64 UNIX, HP-UX, BIND, Mandriva Linux, Mandriva NF, Windows (platform) ~ not comprehensive, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, OpenSSL, openSUSE, Solaris, RHEL, Slackware, TurboLinux.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 29/09/2006.
Revision date: 20/12/2007.
Identifiers: 102711, 102747, 20061001-01-P, 6476279, AK-2006-06, AK-2006-07, BID-20246, BID-20247, BID-20248, BID-20249, BID-26093, c00805100, c00849540, c00967144, CERTA-2006-AVI-421, CERTA-2006-AVI-448, CERTA-2006-AVI-454, CERTA-2006-AVI-521, CERTA-2007-AVI-051, CERTA-2008-AVI-141, cisco-sr-20061108-openssl, CSCek57074, CSCsg09619, CSCsg24311, CSCsg58599, CSCsg58607, CSCtx20378, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343, DSA-1185-1, DSA-1195-1, emr_na-c01203958-1, FEDORA-2006-1004, FreeBSD-SA-06:23.openssl, FSC-2006-6, HPSBTU02207, HPSBUX02174, HPSBUX02186, MDKSA-2006:172, MDKSA-2006:177, MDKSA-2006:178, NetBSD-SA2008-007, RHSA-2006:0695-01, RHSA-2008:0264-01, RHSA-2008:0525-01, SSA:2006-272-01, SSRT061213, SSRT061239, SSRT071299, SSRT071304, SUSE-SA:2006:058, SUSE-SR:2006:024, TLSA-2006-33, TLSA-2007-52, VIGILANCE-VUL-6185, VU#247744, VU#386964, VU#423396, VU#547300.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

Certain ASN.1 structures can generate an error leading to an infinite loop which consumes system memory. This condition can thus be used to cause a denial of service on the system. [severity:3/4; BID-20248, CERTA-2006-AVI-421, CERTA-2006-AVI-448, CERTA-2006-AVI-521, CERTA-2008-AVI-141, CVE-2006-2937, VU#247744]

Certain types of public keys encoded with ASN.1 can take an extremely long time to decode. An attacker can thus use this vulnerability to cause a denial of service. [severity:3/4; BID-20247, CERTA-2007-AVI-051, CVE-2006-2940, VU#423396]

A buffer overflow in the SSL_get_shared_ciphers() function allows an attacker to run code on the system by sending a succession of malicious packets to an application using OpenSSL. [severity:3/4; BID-20249, CVE-2006-3738, VU#547300]

An attacker can create a malicious SSLv2 server in order to generate a denial of service on connected clients. [severity:2/4; BID-20246, CVE-2006-4343, VU#386964]