Secunia Security Advisory - Multiple vulnerabilities have been reported in Cisco Application Control Engine products, which can be exploited by malicious users to bypass certain security restrictions, gain escalated privileges, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.
8b7c0fb8a7113dc40719a993bda08e4ec3b9e3f1e49a6bbbadf1d759d37c9b6b
----------------------------------------------------------------------
Did you know? Our assessment and impact rating along with detailed
information such as exploit code availability, or if an updated patch
is released by the vendor, is not part of this mailing-list?
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
Cisco Application Control Engine Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA34022
VERIFY ADVISORY:
http://secunia.com/advisories/34022/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Application
Control Engine products, which can be exploited by malicious users to
bypass certain security restrictions, gain escalated privileges, and
cause a DoS (Denial of Service), and by malicious people to cause a
DoS.
1) A vulnerability is caused due input validation errors within the
ACE Device Manager. This can be exploited to access restricted ACE
operating system and host operating system files via directory
traversal attacks.
The vulnerability is reported in all versions of the ACE Device
Manager prior to A3(2.1).
2) An unspecified error can be exploited to invoke administrative
commands via the command line interface.
The vulnerability is reported in Cisco ACE 4710 Application Control
Engine appliance prior to A1(8a) and the Cisco ACE Application
Control Engine Module prior to version A2(1.2).
3) A vulnerability is caused due to an error when processing
malformed SSH packets. This can be exploited to cause a vulnerable
device to reload by sending a specially crafted SSH packet.
Successful exploitation requires that SSH is enabled (not enabled by
default).
The vulnerability is reported in Cisco ACE 4710 Application Control
Engine appliance prior to software version A3(2.1) and the Cisco ACE
Application Control Engine Module prior to software version A2(1.3).
4) A vulnerability is caused due to an error when processing
malformed SNMPv1 packets. This can be exploited to cause a vulnerable
device to reload by sending a specially crafted SNMPv1 packet.
Successful exploitation requires valid user credentials and SNMPv2c
is enabled (not enabled by default).
The vulnerability is reported in Cisco ACE 4710 Application Control
Engine appliance prior to software version A3(2.1) and the Cisco ACE
Application Control Engine Module prior to software version A2(1.3).
5) A vulnerability is caused due to an error when processing
malformed SNMPv3 packets. This can be exploited to cause a vulnerable
device to reload by sending a specially crafted SNMPv3 packet.
Successful exploitation requires that SNMPv3 is enabled (not enabled
by default).
The vulnerability is reported in Cisco ACE 4710 Application Control
Engine appliance prior to software version A1(8.0) and the Cisco ACE
Application Control Engine Module prior to software version A2(1.2).
SOLUTION:
Apply updates. See vendor's advisory for details.
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits the National Australia Bank's Security
Assurance team.
2-5) Reported by the vendor.
ORIGINAL ADVISORY:
1) http://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml
2-5) http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml
OTHER REFERENCES:
1)
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a7bd25.html
3-5)
http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a7bd0a.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------