Executive Summary

Summary
Title Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
Informations
Name cisco-sa-20090225-ace First vendor Publication 2009-01-07
Vendor Cisco Last vendor Modification 2009-02-25
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can could result in any of the following impacts:

* Administrative level access via default user names and passwords
* Privilege escalation
* A denial of service (DoS) condition

Cisco has released free software updates available for affected customers. Workarounds that mitigate some of the vulnerabilities are available.

Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7 (...)

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-310 Cryptographic Issues
25 % CWE-255 Credentials Management
25 % CWE-94 Failure to Control Generation of Code ('Code Injection')
25 % CWE-16 Configuration

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Hardware 7
Hardware 7

OpenVAS Exploits

Date Description
2009-06-05 Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
52388 Cisco ACE Application Control Engine username Command Cleartext Password Storage

52387 Cisco ACE Application Control Engine Crafted SNMPv3 Packet Remote DoS

52386 Cisco ACE Application Control Engine Crafted SNMPv1 Packet Remote DoS

52385 Cisco ACE Application Control Engine Crafted SSH Packet Remote DoS

52384 Cisco ACE Application Control Engine CLI Unspecified Privilege Escalation

52383 Cisco ACE Application Control Engine Appliance Multiple Default Accounts

52382 Cisco ACE 4710 Application Control Engine Module for Routers Multiple Default...

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-05-11 00:42:33
  • Multiple Updates