----------------------------------------------------------------------

TITLE:
Cisco Application Control Engine Products Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34022

VERIFY ADVISORY:
http://secunia.com/advisories/34022/

DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Application Control Engine products, which can be exploited by malicious users to bypass certain security restrictions, gain escalated privileges, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.

1) A vulnerability is caused by input validation errors within the ACE Device Manager. This can be exploited to read restricted files of the ACE operating system and of the host operating system via directory traversal attacks.

The vulnerability is reported in all versions of the ACE Device Manager prior to A3(2.1).

2) An unspecified error can be exploited to invoke administrative commands via the command line interface.

The vulnerability is reported in the Cisco ACE 4710 Application Control Engine appliance prior to A1(8a) and the Cisco ACE Application Control Engine Module prior to version A2(1.2).

3) A vulnerability is caused by an error when processing malformed SSH packets. This can be exploited to cause a vulnerable device to reload by sending a specially crafted SSH packet.

Successful exploitation requires that SSH is enabled (not enabled by default).
The vulnerability is reported in the Cisco ACE 4710 Application Control Engine appliance prior to software version A3(2.1) and the Cisco ACE Application Control Engine Module prior to software version A2(1.3).

4) A vulnerability is caused by an error when processing malformed SNMPv1 packets. This can be exploited to cause a vulnerable device to reload by sending a specially crafted SNMPv1 packet.

Successful exploitation requires valid user credentials and that SNMPv2c is enabled (not enabled by default).

The vulnerability is reported in the Cisco ACE 4710 Application Control Engine appliance prior to software version A3(2.1) and the Cisco ACE Application Control Engine Module prior to software version A2(1.3).

5) A vulnerability is caused by an error when processing malformed SNMPv3 packets. This can be exploited to cause a vulnerable device to reload by sending a specially crafted SNMPv3 packet.

Successful exploitation requires that SNMPv3 is enabled (not enabled by default).

The vulnerability is reported in the Cisco ACE 4710 Application Control Engine appliance prior to software version A1(8.0) and the Cisco ACE Application Control Engine Module prior to software version A2(1.2).

SOLUTION:
Apply updates. See the vendor's advisory for details.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits the National Australia Bank's Security Assurance team.
2-5) Reported by the vendor.

ORIGINAL ADVISORY:
1) http://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml
2-5) http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml

OTHER REFERENCES:
1) http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a7bd25.html
3-5) http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a7bd0a.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
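The five items above each name a first fixed version per platform and, for items 3 to 5, a feature that must be enabled before the issue is reachable. The script below is an added example (not part of the Secunia or Cisco advisories) that transcribes those thresholds and preconditions into a check a practitioner can run against the version string and feature state of an ACE device. It assumes the version strings follow the shape used in the advisory ("A3(2.1)", "A1(8a)"), that a rebuild letter sorts after the bare number (A1(8) < A1(8a)) and that "A1(8.0)" equals "A1(8)"; the `show version` excerpt and the platform names `appliance`, `module` and `device_manager` are this example's own constructions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Version strings in this advisory look like "A3(2.1)", "A1(8a)" or "A2(1.3)".
# Assumption: the part before the parenthesis is a release train ("A1", "A2",
# "A3"), inside the parenthesis is major[.minor] plus an optional rebuild
# letter, and a rebuild letter sorts after the same number without one
# (A1(8) < A1(8a)). "A1(8.0)" is treated as equal to "A1(8)".
_VERSION_RE = re.compile(r"^A(\d+)\((\d+)(?:\.(\d+))?([a-z])?\)$")

Version = Tuple[int, int, int, str]


def parse_version(text: str) -> Version:
    """Turn an ACE version string into a sortable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ACE version string: {text!r}")
    train, major, minor, rebuild = m.groups()
    return (int(train), int(major), int(minor or 0), rebuild or "")


# First fixed version per platform for each item in SA34022, transcribed from
# the advisory text. Any version that sorts lower is reported affected.
# The platform keys are this example's own naming, not Cisco's.
FIXED_IN: Dict[int, Dict[str, str]] = {
    1: {"device_manager": "A3(2.1)"},
    2: {"appliance": "A1(8a)", "module": "A2(1.2)"},
    3: {"appliance": "A3(2.1)", "module": "A2(1.3)"},
    4: {"appliance": "A3(2.1)", "module": "A2(1.3)"},
    5: {"appliance": "A1(8.0)", "module": "A2(1.2)"},
}

# Preconditions the advisory states per item, as a feature flag that must be
# true for the item to be exploitable. Items 1 and 2 state none.
REQUIRES: Dict[int, str] = {3: "ssh", 4: "snmpv2c", 5: "snmpv3"}


def affected_items(platform: str, version: str, *, ssh: bool = False,
                   snmpv2c: bool = False, snmpv3: bool = False) -> List[int]:
    """Return the SA34022 item numbers that apply to this platform/version.

    The feature flags default to False because the advisory says SSH,
    SNMPv2c and SNMPv3 are all disabled by default; pass the real state
    from the device configuration to get a meaningful answer.
    """
    running = parse_version(version)
    enabled = {"ssh": ssh, "snmpv2c": snmpv2c, "snmpv3": snmpv3}
    hits: List[int] = []
    for item, fixed_by_platform in FIXED_IN.items():
        fixed = fixed_by_platform.get(platform)
        if fixed is None:                      # item does not cover this platform
            continue
        if running >= parse_version(fixed):    # already at or past the fix
            continue
        needed = REQUIRES.get(item)
        if needed and not enabled[needed]:     # stated precondition not met
            continue
        hits.append(item)
    return hits


def version_from_show_version(output: str) -> Optional[str]:
    """Pull the system version out of `show version` output.

    Assumption: the output contains a line such as
    'system:    Version A2(1.2) [build 3.0(0)A2(1.2)]'; the regex only
    relies on the 'Version A<n>(...)' token.
    """
    m = re.search(r"Version\s+(A\d+\([^)]+\))", output)
    return m.group(1) if m else None


# Constructed sample for this example, not captured from a real device.
SAMPLE_SHOW_VERSION = """\
Cisco Application Control Software (ACSW)
Software
  loader:    Version 12.2[123]
  system:    Version A2(1.2) [build 3.0(0)A2(1.2)]
"""

if __name__ == "__main__":
    ver = version_from_show_version(SAMPLE_SHOW_VERSION)
    print("running:", ver)
    # An ACE module on A2(1.2) with SSH and SNMPv2c turned on.
    print("affected items:", affected_items("module", ver, ssh=True, snmpv2c=True))
```

Feed `affected_items` the platform, the version from `show version`, and the actual SSH/SNMP state from the running configuration; an empty list means either the device is at or past every fix level for that platform or the stated precondition for the remaining items is not met. Because items 3 and 4 on the module are fixed in A2(1.3) while item 2 and item 5 are fixed in A2(1.2), a module on A2(1.2) still reports the SSH and SNMPv1 reload issues when those services are enabled.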