Vigil@nce - Cisco Prime Central for HCS Assurance: denial of service via TLS
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed TLS message to Cisco Prime
Central for Hosted Collaboration Solution Assurance, in order to
create an infinite loop.
Impacted products: Cisco Prime
Severity: 2/4
Creation date: 27/02/2013
DESCRIPTION OF THE VULNERABILITY
The Cisco Prime Central for Hosted Collaboration Solution
Assurance product listen with TLS on ports 9043/tcp and 9443/tcp.
However, a special message triggers an infinite loop. Technical
details are unknown.
An attacker can therefore send a malformed TLS message to Cisco
Prime Central for Hosted Collaboration Solution Assurance, in
order to create an infinite loop.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN