Executive Summary

Summary
Title Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
Informations
Name cisco-sa-20100811-ace First vendor Publication 2010-06-16
Vendor Cisco Last vendor Modification 2010-08-11
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities:

* Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
* HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability
* Secure Socket Layer (SSL) DoS vulnerability
* SIP inspection DoS vulnerability

Cisco has released free software updates for affected customers. Workarounds that mitigate some of the vulnerabilities are available.

Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another.

Original Source

Url : http://www.cisco.com/warp/public/707/cisco-sa-20100811-ace.shtml

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 6

Open Source Vulnerability Database (OSVDB)

Id Description
67195 Cisco Application Control Engine (ACE) SIP Inspection Feature Crafted Packet ...

67194 Cisco Application Control Engine (ACE) SSL Packet Sequence Remote DoS

67193 Cisco Application Control Engine (ACE) Deep Packet Inspection Feature Crafted...

67192 Cisco Application Control Engine (ACE) RTSP Inspection Feature Crafted Packet...