11 matches found
CVE-2009-0622
CVE-2009-0622 affects Cisco ACE Application Control Engine Module for Catalyst 6500/7600 and Cisco ACE 4710 Appliance. Multiple vulnerabilities exist, including default credentials (leading to credential compromise and potential OS access via the device CLI), privilege escalation for authenticate...
CVE-2009-0621
CVE-2009-0621 affects the Cisco ACE 4710 Application Control Engine appliance and the ACE Module. The advisory and multiple sources state that default administrator, web management, and (for the appliance) device-management credentials allow a remote attacker to modify configuration or gain OS ac...
CVE-2009-0625
CVE-2009-0625 affects Cisco ACE 4710 Appliance and Cisco ACE Module for Catalyst 6500/7600. The Cisco advisory details multiple separate vulnerabilities: Default usernames and passwords (affecting ACE 4710 before A1(8a) and ACE Module before A2(1.2/1.1)); Privilege Escalation (ACE 4710 before A1(...
CVE-2010-2825
CVE-2010-2825 affects Cisco ACE (Application Control Engine) Module and ACE 4710, exposing a SIP inspection DoS that can trigger a device reload when processing crafted SIP packets over TCP or UDP. Affected software lines include ACE Module A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), A2(3.x) ...
CVE-2010-2822
CVE-2010-2822 refers to a DoS via crafted RTSP packets over TCP affecting Cisco ACE Module (Catalyst 6500/7600) and ACE 4710 appliance. Root cause: RTSP inspection vulnerability enabling device reload under unauthenticated traffic with RTSP inspection enabled. Affected software: ACE Module prior ...
CVE-2009-0623
The CVE-2009-0623 entry applies to Cisco ACE Application Control Engine Module for Catalyst 6500/7600 and Cisco ACE 4710 Appliance. Affected vulnerabilities include Crafted SSH Packet which can cause the device to reload (DoS) when SSH access is configured. The Cisco advisory lists affected compo...
CVE-2010-1576
Mode C Vulnerability: CVE-2010-1576 affects Cisco CSS 11500 (pre-8.20.4.02) and Cisco ACE 4710 (pre-A2(3.0)); the issue is improper handling of HTTP header end-of-line sequences (LF, CR, LFCR vs CRLF), enabling header insertion bypass and HTTP request smuggling via crafted headers (e.g., ClientCe...
CVE-2009-0624
CVE-2009-0624 affects Cisco ACE 4710 Appliance and Cisco ACE Module for Catalyst 6500/7600, with vulnerability in SNMP handling. A crafted SNMP packet (SNMPv1 noted, SNMPv2c must be enabled to process) can cause the device to reload, resulting in a DoS. Affected versions are prior to A3(2.1) for ...
CVE-2010-2823
CVE-2010-2823 concerns the Cisco ACE 4710 and ACE Module deep packet inspection DoS vulnerabilities triggered by crafted HTTP/RTSP/SIP packets. The advisory assigns separate CVEs for RTSP, HTTP/RTSP/SIP, SSL, and SIP inspection DoS. Affected devices can experience device reloads (DoS) when inspec...
CVE-2010-2629
CVE-2010-2629 and CVE-2010-1576 describe HTTP header handling flaws in Cisco CSS 11500 and ACE 4710, enabling HTTP request smuggling via LF/CRLF header terminators and potential header spoofing of ClientCert-* fields when GET lines are CRLF-terminated and mixed newline sequences occur. The issue ...
CVE-2009-0742
CVE-2009-0742 affects Cisco ACE Platform components (ACE Application Control Engine Module for Catalyst 6500/7600 and ACE 4710 Appliance). The issue is that the username command stores a cleartext password by default, enabling context-dependent attackers to obtain sensitive information. The NVD e...