[c-nsp] Cisco Security Advisory: Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Thu Sep 8 13:03:32 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability

Advisory ID: cisco-sa-20160908-ace

Revision 1.0

For Public Release 2016 September 8 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.

The vulnerability is due to incomplete input validation checks in the SSL/TLS code. An attacker could exploit this vulnerability by sending specific SSL/TLS packets to the affected device. An exploit could allow the attacker to trigger a reload of the affected device.

Cisco has confirmed the vulnerability; however, software updates are currently not available. Cisco will released software updates that address the vulnerability described in this advisory. The advisory will be updated once an estimated software fix availability date is made available.

There are no workarounds that address this vulnerability. 

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV9GYXa89gD3EAJB5AQJdyA/6As6KAlNIrMNN2IGR/FwEHVttskJhNOUq
998WL4vt5rExzt41OYs2hslDGoGVkU7y3BWOYOtXs2deYFlGeflm+VC/ITg0UCzP
7FCqUm0yKCW6T2hwJyauRbbbOrlbs56YRmfUDUwmL9B4lYm03/fJen18gdS4+G/g
8wTKw1CfYklzjKkGvR0BCXmlNWEpsYfsgnozHUh1ZnJgU18fQ1fADY78aXtY34ID
3WqIQXRAHgK8aJE4P90VAqcVyRMbbfqMmbX3SZic5GjFNo30tOG6mUD9q3R1kX6v
cu2T22T532E4Ed3ZKujbdbLfw1SY99ESLLh5VLBuih4vx2C93ZTSFVr5elQwSeqC
BqiBKOaqMhS1ae7HrgThifayRrXa1z15+U4CMf9NJ6FieH7Jib7/W/J8V4S6X4k7
yk9TkVr/hur7P61qXzLdSRi11mCw6pt+Ed5rK1Mb9/sB9O6ddXQJQBN6e8KCvYCU
SyEUAGelAffekTPfesLD9xpE03Oep3dsiX8O/yJagTdQQ+DWqUbxSnADm2PfHVS6
ZPdrGDmXjgRnAIVpPGbZ1P7EzotCdiNmea4POdFf+Xvg/F1pdnNJKrIed2R+P2c8
TUnmePi5oQGe4uVChUttKYmBjU79sp95l4G0r0XqtVFuKXOyujQGuf3y0IQ4ZCiA
4E2s2KryJkE=
=eB0d
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list