Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine |
Informations | |||
---|---|---|---|
Name | cisco-sa-20090225-ace | First vendor Publication | 2009-01-07 |
Vendor | Cisco | Last vendor Modification | 2009-02-25 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine Cisco ACE Module and Cisco ACE 4710 Application Control Engine contain multiple vulnerabilities that, if exploited, can could result in any of the following impacts: * Administrative level access via default user names and passwords Cisco has released free software updates available for affected customers. Workarounds that mitigate some of the vulnerabilities are available. Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-310 | Cryptographic Issues |
25 % | CWE-255 | Credentials Management |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-06-05 | Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52388 | Cisco ACE Application Control Engine username Command Cleartext Password Storage |
52387 | Cisco ACE Application Control Engine Crafted SNMPv3 Packet Remote DoS |
52386 | Cisco ACE Application Control Engine Crafted SNMPv1 Packet Remote DoS |
52385 | Cisco ACE Application Control Engine Crafted SSH Packet Remote DoS |
52384 | Cisco ACE Application Control Engine CLI Unspecified Privilege Escalation |
52383 | Cisco ACE Application Control Engine Appliance Multiple Default Accounts |
52382 | Cisco ACE 4710 Application Control Engine Module for Routers Multiple Default... |
Alert History
Date | Informations |
---|---|
2013-05-11 00:42:33 |
|