Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities

2013-08-21T16:00:00
ID CISCO-SA-20130821-HCM
Type cisco
Reporter Cisco
Modified 2013-08-21T20:02:44

Description

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition using the Omnibus Port.

The vulnerability is due to the improper handling of TCP packets sent to the Omnibus Port (port 5400). An attacker could exploit this vulnerability by sending a TCP flood to the affected port. An exploit could allow the attacker to trigger a disk exhaustion condition which could disrupt services and cause a DoS condition on the affected system.

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to the improper handling of TCP packets sent to the Prime Central Ephemeral Java Port (port 44444). An attacker could exploit this vulnerability by sending a large amount of TCP packets to the affected port. A successful exploit could allow the attacker to consume all available memory and cause a DoS condition on the affected system.

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a memory leak in the processing of TCP packets. An attacker could exploit this vulnerability by sending a TCP connection flood to the ephemeral ports. A successful exploit could allow the attacker to disrupt services and create a DoS condition on the affected system.

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) using the ActiveMQ Broker ports.

The vulnerability is due to excessive memory consumption by the affected software while processing large amounts of TCP packets. An attacker could exploit this vulnerability by sending a TCP flood to the affected ports. An exploit could allow the attacker to disrupt services and cause a denial of service condition on the affected system.

Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could interrupt the monitoring of voice services and exhaust system resources.

Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm"]