{"cisco": [{"lastseen": "2018-04-07T04:12:29", "bulletinFamily": "software", "description": "", "modified": "2009-02-25T16:00:00", "published": "2009-02-25T16:00:00", "id": "CISCO-SA-20090225-ACE", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090225-ace", "type": "cisco", "title": "Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-26T15:34:11", "bulletinFamily": "software", "description": "", "modified": "2009-02-25T16:00:00", "published": "2009-02-25T16:00:00", "id": "CISCO-SA-20090225-ANM", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090225-anm", "type": "cisco", "title": "Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE\r\nApplication Control Engine Module and Cisco ACE 4710 Application\r\nControl Engine\r\n\r\nDocument ID: 109450\r\n\r\nAdvisory ID: cisco-sa-20090225-ace\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 February 25 1600 UTC (GMT)\r\n\r\n- ---------------------------------------------------------------------\r\n\r\nSummary\r\n=======\r\n\r\nThe Cisco ACE Application Control Engine Module and Cisco ACE 4710\r\nApplication Control Engine Cisco ACE Module and Cisco ACE 4710\r\nApplication Control Engine contain multiple vulnerabilities that, if\r\nexploited, can could result in any of the following impacts:\r\n\r\n * Administrative level access via default user names and passwords\r\n * Privilege escalation\r\n * A denial of service (DoS) condition\r\n\r\nCisco has released free software updates available for affected\r\ncustomers. Workarounds that mitigate some of the vulnerabilities are\r\navailable.\r\n\r\nNote: These vulnerabilities are independent of each other. A device\r\nmay be affected by one vulnerability and not affected by another.\r\n\r\nThis advisory is posted at \r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml\r\n\r\nNote: This advisory is being released simultaneously with a multiple\r\nvulnerability disclosure advisory that impacts the Cisco 4700 Series\r\nApplication Control Engine Device Manager and Application Networking\r\nManager module software.\r\n\r\nThis advisory is posted at \r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml\r\n\r\nAffected Products\r\n=================\r\n\r\nVulnerable Products\r\n+------------------\r\n\r\nThe following table displays the products that are affected by each\r\nvulnerability that is described within this advisory.\r\n\r\n+-------------------------------------------------------------------+\r\n| | Products and Versions |\r\n| | Affected |\r\n|Vulnerability |-----------------------------|\r\n| | Cisco ACE | Cisco ACE |\r\n| | 4710 | Module |\r\n| | Appliance | |\r\n|-------------------------------------+--------------+--------------|\r\n| | All versions | All versions |\r\n| Default Usernames and Passwords | prior to A1 | prior to A2 |\r\n| | (8a) | (1.1) |\r\n|-------------------------------------+--------------+--------------|\r\n| | All versions | All versions |\r\n| Privilege Escalation Vulnerability | prior to A1 | prior to A2 |\r\n| | (8a) | (1.2) |\r\n|-------------------------------------+--------------+--------------|\r\n| | All versions | All versions |\r\n| Crafted SSH Packet Vulnerability | prior to A3 | prior to A2 |\r\n| | (2.1) | (1.3) |\r\n|-------------------------------------+--------------+--------------|\r\n| Crafted Simple Network Management | All versions | All versions |\r\n| Protocol version 2 (SNMPv2) Packet | prior to A3 | prior to A2 |\r\n| Vulnerability | (2.1) | (1.3) |\r\n|-------------------------------------+--------------+--------------|\r\n| | All versions | All versions |\r\n| Crafted SNMPv3 Packet Vulnerability | prior to A1 | prior to A2 |\r\n| | (8.0) | (1.2) |\r\n+-------------------------------------------------------------------+\r\n\r\nDetermining Software Versions\r\n+----------------------------\r\n\r\nTo display the version of system software that is currently running\r\non Cisco ACE Application Control Engine, use the show version\r\ncommand. The following example displays the output of the show\r\nversion command on the Cisco ACE Application Control Engine software\r\nversion A3(1.0):\r\n\r\n ACE-4710/Admin# show version\r\n Cisco Application Control Software (ACSW)\r\n TAC support: http://www.cisco.com/tac\r\n Copyright (c) 1985-2008 by Cisco Systems, Inc. All rights reserved.\r\n The copyrights to certain works contained herein are owned by\r\n other third parties and are used and distributed under license.\r\n Some parts of this software are covered under the GNU Public\r\n License. A copy of the license is available at\r\n http://www.gnu.org/licenses/gpl.html\r\n\r\n Software\r\n loader: Version 0.95\r\n system: Version A3(1.0) [build 3.0(0)A3(0.0.148)\r\nadbuild_03:31:25-2008/08/06_/auto/adbure_nightly2/nightly_rel_a3_1_0_throttle/REL_3_0_0_A3_0_0\r\n system image file: (nd)/192.168.65.31/scimitar.bin\r\n\r\n Device Manager version 1.1 (0) 20080805:0415\r\n\r\n ...\r\n <output truncated>\r\n\r\nThe following example displays the output of the show version command\r\non a Cisco ACE Application Control Engine module software version A1(1):\r\n\r\n ACE-mod/Admin# show version\r\n Cisco Application Control Software (ACSW)\r\n TAC support: http://www.cisco.com/tac\r\n Copyright (c) 2002-2006, Cisco Systems, Inc. All rights reserved.\r\n The copyrights to certain works contained herein are owned by\r\n other third parties and are used and distributed under license.\r\n Some parts of this software are covered under the GNU Public\r\n License. A copy of the license is available at\r\n http://www.gnu.org/licenses/gpl.html\r\n\r\n Software\r\n loader: Version 12.2[117]\r\n system: Version 3.0(0)A1(1) [build 3.0(0)A1(1) _01:26:21-2006/03/13_/auto/adbu-rel/ws/REL_3_0_0_A1_1]\r\n\r\n system image file: [LCP] disk0:c6ace-t1k9-mzg.3.0.0_A1_1.bin\r\n licensed features: no feature license is installed\r\n ...\r\n <output truncated>\r\n\r\nProducts Confirmed Not Vulnerable\r\n+--------------------------------\r\n\r\nThe Cisco ACE XML Gateway, the Cisco ACE Web Application Firewall,\r\nand the Cisco ACE GSS 4400 Series Global Site Selector Appliances are\r\nnot affected by any of the vulnerabilities that are described in this\r\nadvisory. No other Cisco products are currently known to be affected\r\nby these vulnerabilities.\r\n\r\nDetails\r\n=======\r\n\r\nThe Cisco ACE 4710 Application Control Engine appliance and the Cisco\r\nACE Application Control Engine Module for Cisco Catalyst 6500 Series\r\nSwitches and Cisco 7600 Series Routers are a load-balancing and\r\napplication-delivery solution for data centers. Multiple\r\nvulnerabilities exist in both products. The following information\r\nprovides the details about each of the vulnerabilities that are\r\naddressed in this advisory.\r\n\r\nDefault Usernames and Passwords\r\n+------------------------------\r\n\r\nVersions of the Cisco ACE 4710 Application Control Engine appliance\r\nprior to software version A1(8a) use default administrator, web\r\nmanagement, and device management account credentials. Similarly,\r\nsoftware versions of the Cisco ACE Application Control Engine Module\r\nprior to software version A2(1.1) use default administrator and web\r\nmanagement credentials. The appliance and module do not prompt users\r\nto modify system account passwords during the initial configuration\r\nprocess. An attacker with knowledge of these accounts could modify\r\nthe application configuration and, in certain instances, gain user\r\naccess to the host operating system.\r\n\r\nThis vulnerability is documented in the following Cisco Bug IDs and\r\nhave been assigned the following Common Vulnerability and Exposures\r\n(CVE) IDs:\r\n\r\n * Cisco ACE Application Control Engine Module: CSCsq43828 (\r\n registered customers only) - CVE-2009-0620\r\n * Cisco ACE Application Control Engine Appliance: CSCsq43229 (\r\n registered customers only) - CVE-2009-0621\r\n\r\nA third account is used for the Cisco 4700 Series Application Control\r\nEngine Appliance Device Manager also uses default credentials. Only\r\nthe Cisco ACE 4710 Application Control Engine appliance is affected\r\nby this vulnerability. This vulnerability is documented in Cisco Bug\r\nID CSCsq32379 ( registered customers only) and has also been assigned\r\nthe Common Vulnerability and Exposures (CVE) ID CVE-2009-0621.\r\n\r\nPrivilege Escalation Vulnerability\r\n+---------------------------------\r\n\r\nA vulnerability exists in versions of the Cisco ACE 4710 Application\r\nControl Engine appliance prior to A1(8a) and the Cisco ACE\r\nApplication Control Engine Module prior to version A2(1.3). An\r\nauthenticated user could exploit this vulnerability to invoke\r\nadministrative commands via the device command line interface (CLI).\r\n\r\nThis vulnerability is documented in the following Cisco Bug IDs:\r\n\r\n * Cisco ACE Application Control Engine ModuleACE Module: CSCsq48546\r\n ( registered customers only)\r\n * Cisco ACE 4710 Application Control Engine Appliance: CSCsq09839 (\r\n registered customers only)\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0622.\r\n\r\nCrafted SSH Packet Vulnerability\r\n+-------------------------------\r\n\r\nA vulnerability exists in the Cisco ACE 4710 Application Control\r\nEngine appliance prior to software version A3(2.1) and the Cisco ACE\r\nApplication Control Engine Module prior to software version A2(1.3).\r\nAn attacker could exploit this vulnerability to cause the device to\r\nreload by sending a crafted SSH packet to it.\r\n\r\nNote: SSH access must be configured on the affected device for it to\r\nbe vulnerable. SSH access is not enabled by default. A full TCP\r\nthree-way handshake is not necessary to trigger the effects of this\r\nvulnerability.\r\n\r\nThis vulnerability is documented in the following Cisco Bug IDs:\r\n\r\n * Cisco ACE Application Control Engine Module: CSCsv01877 (\r\n registered customers only)\r\n * Cisco ACE 4710 Application Control Engine Appliance: CSCsv01738 (\r\n registered customers only)\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0623.\r\n\r\nCrafted SNMPv2c Packet Vulnerability\r\n+-----------------------------------\r\n\r\nA vulnerability exists in the Cisco ACE 4710 Application Control\r\nEngine appliance prior to software version A3(2.1) and the Cisco ACE\r\nApplication Control Engine Module prior to software version A2(1.3).\r\nAn authenticated attacker could send a crafted SNMPv1 packet to an\r\naffected device to cause it to reload.\r\n\r\nNote: SNMPv2c must be explicitly configured in an affected device in\r\norder to process any SNMPv2c transactions. SNMPv2c is not enabled by\r\ndefault.\r\n\r\nThis vulnerability is documented in the following Cisco Bug IDs:\r\n\r\n * Cisco ACE Application Control Engine Module: CSCsu36038 (\r\n registered customers only)\r\n * Cisco ACE 4710 Application Control Engine Appliance: CSCsu47876 (\r\n registered customers only)\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0624.\r\n\r\nCrafted SNMPv3 Packet Vulnerability\r\n+----------------------------------\r\n\r\nA vulnerability exists in the Cisco ACE 4710 Application Control\r\nEngine appliance prior to software version A1(8.0) and the Cisco ACE\r\nApplication Control Engine Module prior to software version A2(1.2).\r\nAn where an attacker may could cause the a device to reload by\r\nsending a crafted SNMPv3 packet to it.\r\n\r\nNote: SNMPv3 must be explicitly configured in an affected device in\r\norder to process any SNMPv3 transactions. SNMPv3 is not enabled by\r\ndefault.\r\n\r\nThis vulnerability is documented in the following Cisco Bug IDs:\r\n\r\n * Cisco ACE Application Control Engine Module: CSCsq45432 (\r\n registered customers only)\r\n * Cisco ACE 4710 Application Control Engine Appliance: CSCso83126 (\r\n registered customers only)\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0625.\r\n\r\nVulnerability Scoring Details\r\n=============================\r\n\r\nCisco has provided scores for the vulnerabilities in this advisory\r\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\r\nscoring in this Security Advisory is done in accordance with CVSS\r\nversion 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of\r\nthe vulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding\r\nCVSS at\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\nCSCsq43828 and CSCsq43229 - Default users and passwords on ACE module\r\n and appliance \r\n\r\nCVSS Base Score - 10\r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.7\r\n\r\n Exploitability - High\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\nCSCsq32379 - DM Default Account Credentials\r\n\r\nCVSS Base Score - 10 \r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.7\r\n\r\n Exploitability - High\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\nCSCsq48546 and CSCsq09839 - Privilege escalation issue on ACE Module\r\n and ACE Appliance\r\n\r\nCVSS Base Score - 9 \r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - Single\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 7.4\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\nCSCsv01877 and CSCsv01738 - Crafted SSH packet may cause ACE module\r\n or appliance to reload\r\n\r\nCVSS Base Score - 7.8\r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - None\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 6.4\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n\r\nCSCsu36038 and CSCsu47876 - Crafted SNMPv2c packet may crash ACE\r\n module and appliance \r\n\r\nCVSS Base Score - 6.8\r\n\r\n Access Vector - Network\r\n Access Complexity - Single\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - None\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 5.6\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix \r\n Report Confidence - Confirmed\r\n\r\n\r\nCSCso83126 and CSCsq45432 - Crafted SNMPv3 packet may crash ACE\r\n appliance \r\n\r\nCVSS Base Score - 7.8\r\n\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - None\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 6.4\r\n\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\nImpact\r\n======\r\n\r\nAn attacker with knowledge of the Default Usernames and Passwords\r\nVulnerability accounts could modify the device configuration and, in\r\ncertain instances, gain user access to the host operating system.\r\n\r\nAn exploit of the Privilege Escalation Vulnerability could allow an\r\nauthenticated attacker to execute host operating system\r\nadministrative commands.\r\n\r\nSuccessful exploitation of the Crafted SSH Packet Vulnerability,\r\nCrafted SNMPv2 Packet Vulnerability, and Crafted SNMPv3 Packet\r\nVulnerability may cause a reload of the affected device. Repeated\r\nexploitation could result in a sustained DoS condition.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nWhen considering software upgrades, also consult \r\nhttp://www.cisco.com/go/psirt and any subsequent advisories to \r\ndetermine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should exercise caution to be certain the\r\ndevices to be upgraded contain sufficient memory and that current\r\nhardware and software configurations will continue to be supported\r\nproperly by the new release. If the information is not clear, contact\r\nthe Cisco Technical Assistance Center (TAC) or your contracted\r\nmaintenance provider for assistance.\r\n\r\nEach row of the software table (below) describes the earliest\r\npossible releases that contain the fix (along with the anticipated\r\ndate of availability for each, if applicable) are listed in the\r\n"First Fixed Release" column of the table. The "Recommended Release"\r\ncolumn indicates the releases which have fixes for all the published\r\nvulnerabilities at the time of this Advisory. A device running a\r\nrelease in the given train that is earlier than the release in a\r\nspecific column (less than the First Fixed Release) is known to be\r\nvulnerable. Cisco recommends upgrading to a release equal to or later\r\nthan the release in the "Recommended Releases" column of the table.\r\n\r\n+----------------------------------------------------------------------------------------------------------+\r\n| | Products and Versions Affected |\r\n| |---------------------------------------------------------------------|\r\n| | Cisco ACE 4710 Appliance | Cisco ACE Module |\r\n|Vulnerability |----------------------------------+----------------------------------|\r\n| | First Fixed | Recommended | First | |\r\n| | Release | Release | Fixed | Recommended Release |\r\n| | | | Release | |\r\n|------------------------------------+---------------+------------------+------------+---------------------|\r\n| Default Usernames and Passwords | A1(8a) | A3(2.1) | A2(1.1) | A2(1.3) |\r\n|------------------------------------+---------------+------------------+------------+---------------------|\r\n| Privilege Escalation Vulnerability | A1(8a) | A3(2.1) | A2(1.2) | A2(1.3) |\r\n|------------------------------------+---------------+------------------+------------+---------------------|\r\n| Crafted SSH Packet Vulnerability | A3(2.1) | A3(2.1) | A2(1.3) | A2(1.3) |\r\n|------------------------------------+---------------+------------------+------------+---------------------|\r\n| Crafted SNMPv2 Packet | A3(2.1) | A3(2.1) | A2(1.3) | A2(1.3) |\r\n| Vulnerability | | | | |\r\n|------------------------------------+---------------+------------------+------------+---------------------|\r\n| Crafted SNMPv2 Packet | A1(8.0) | A3(2.1) | A2(1.2) | A2(1.3) |\r\n| Vulnerability | | | | |\r\n+----------------------------------------------------------------------------------------------------------+\r\n\r\nCisco ACE module software can be downloaded from:\r\n\r\nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289\r\n\r\nCisco ACE 4710 Application Control Engine appliance software can be\r\ndownloaded from:\r\n\r\nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179\r\n\r\nWorkarounds\r\n===========\r\n\r\nThis Security Advisory describes multiple distinct vulnerabilities.\r\nThese vulnerabilities and their respective workarounds are\r\nindependent of each other.\r\n\r\nDefault Usernames and Passwords\r\n+------------------------------\r\n\r\nTo change the default administrative password, use the username\r\ncommand in configuration mode. The syntax of this command is as\r\nfollows:\r\n\r\n username admin [password [0 | 5] {password}]\r\n\r\nThe keywords, arguments, and options are:\r\n\r\nadmin--Specifies the default administrative user name.\r\n\r\npassword--(Optional) Keyword that indicates that a password follows.\r\n\r\n0--(Optional) Specifies a clear text password.\r\n\r\n5--(Optional) Specifies an MD5-hashed strong encryption password.\r\n\r\npassword--The password in clear text, encrypted text, or MD5 strong\r\nencryption, depending on the numbered option (0 or 5) that you enter.\r\nIf you do not enter a numbered option, the password is in clear text\r\nby default. Enter a password as an unquoted text string with a\r\nmaximum of 64 characters.\r\n\r\nFor example, to create a user named admin that uses the clear text\r\npassword my_super_secret_88312, enter the following command:\r\n\r\n ACE(config)# username admin password 0 my_super_secret_88312\r\n\r\nNote: This process can also be followed to change the www user\r\naccount credentials. The dm user is for accessing the Device Manager\r\nGUI and cannot be modified or deleted. The dm user is an internal\r\nuser required by the Device Manager GUI; it is hidden on the ACE CLI.\r\nFor more information refer to: \r\nhttp://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/virtualization/guide/config.html\r\n\r\nPrivilege Escalation Vulnerability\r\n+---------------------------------\r\n\r\nThere are no workarounds for this vulnerability.\r\n\r\nCrafted SSH Packet Vulnerability\r\n+-------------------------------\r\n\r\nSSH management traffic that can be received by the ACE is controlled\r\nthrough the use of class maps, policy maps, and service policies.\r\n\r\nThis Management Traffic Service example denies unauthorized SSH\r\npackets that are sent to an affected device. In the following\r\nexample, 192.168.100.1 is considered a trusted source that requires\r\nSSH access to the affected device. Care should be taken to allow all\r\nrequired management access to the affected device. An attacker could\r\nexploit this vulnerability using spoofed packets. This workaround\r\ncannot provide complete protection against this vulnerability when\r\nthe attack comes from a trusted source address.\r\n\r\nThe following example demonstrates how SSH access to the ACE is only\r\nallowed from the 192.168.100.1 host:\r\n\r\n\r\n !-- Configure a class to allow SSH from the trusted source\r\n !\r\n\r\n class-map type management match-all Permit_SSH_Class\r\n description Allow SSH from trusted sources Class\r\n match protocol ssh source-address 192.168.100.1 255.255.255.255\r\n\r\n !\r\n !-- Configure a management policy that allows ssh from the\r\n !--trusted source configured in the above class\r\n !\r\n\r\n policy-map type management first-match Permit_SSH_Policy\r\n description Allow SSH from trusted sources Policy\r\n class Permit_SSH_Class\r\n permit\r\n\r\n !\r\n !-- Apply the management policy globally\r\n !\r\n\r\n service-policy input Permit_SSH_Policy\r\n\r\nAdditional information about "Configuring SSH Management Sessions" is\r\navailable at:\r\n\r\nhttp://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/access.html#wp1049450\r\n\r\nAdditional information about "Configuring Class Maps and Policy Maps"\r\nis available at:\r\n\r\nhttp://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html\r\n\r\nwarning Warning: It is possible to easily spoof the sender's IP\r\naddress, which may defeat class maps and access control lists (ACLs)\r\nthat permit communication to the device from trusted IP addresses.\r\n\r\nCrafted SNMPv2 and SNMPv3 Packet Vulnerabilities\r\n+-----------------------------------------------\r\n\r\nSNMP management traffic that can be received by the ACE is controlled\r\nthrough the use of class maps, policy maps, and service policies.\r\n\r\nThis Management Traffic Service example denies unauthorized SNMP\r\npackets on UDP port 161 that are sent to an affected device. In the\r\nfollowing example, 192.168.100.1 is considered a trusted source that\r\nrequires SNMP access to the affected device. Care should be taken to\r\nallow all required management access to the affected device. An\r\nattacker could exploit this vulnerability using spoofed packets. This\r\nworkaround cannot provide complete protection against this\r\nvulnerability when the attack comes from a trusted source address.\r\n\r\n\r\n !-- Configure a class to allow SNMP from the trusted source\r\n !\r\n\r\n class-map type management match-all Permit_SNMP_Class\r\n description Allow SNMP from trusted sources Class\r\n 2 match protocol snmp source-address 192.168.100.1 255.255.255.255\r\n\r\n\r\n !\r\n !-- Configure a management policy that allows snmp from the\r\n !--trusted source configured in the above class\r\n !\r\n\r\n policy-map type management first-match Permit_SNMP_Policy\r\n description Allow SNMP from trusted sources Policy\r\n class Permit_SNMP_Class\r\n permit\r\n\r\n !-- Apply the management policy globally\r\n !\r\n\r\n service-policy input Permit_SNMP_Policy\r\n\r\nAdditional information about "SNMP Management Traffic Services" is\r\navailable at:\r\n\r\nhttp://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/snmp.html#wp1034011\r\n\r\nAdditional information about "Configuring Class Maps and Policy Maps"\r\nis available at:\r\n\r\nhttp://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/administration/guide/mapolcy.html\r\n\r\nAdditional mitigation techniques that can be deployed on Cisco\r\ndevices within the network are available in the Cisco Applied\r\nMitigation Bulletin companion document for this advisory:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090225-ace.shtml\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address these\r\nvulnerabilities. Prior to deploying software, customers should\r\nconsult their maintenance provider or check the software for feature\r\nset compatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature sets\r\nthey have purchased. By installing, downloading, accessing or\r\notherwise using such software upgrades, customers agree to be bound\r\nby the terms of Cisco's software license terms found at \r\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html\r\nor as otherwise set forth at Cisco.com Downloads at \r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for\r\nsoftware upgrades.\r\n\r\nCustomers with Service Contracts\r\n+-------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through\r\ntheir regular update channels. For most customers, this means that\r\nupgrades should be obtained through the Software Center on Cisco's\r\nworldwide website at http://www.cisco.com\r\n\r\nCustomers using Third Party Support Organizations\r\n+------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through\r\nprior or existing agreements with third-party support organizations,\r\nsuch as Cisco Partners, authorized resellers, or service providers\r\nshould contact that support organization for guidance and assistance\r\nwith the appropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or\r\nfix is the most appropriate for use in the intended network before it\r\nis deployed.\r\n\r\nCustomers without Service Contracts\r\n+----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco\r\nservice contract, and customers who purchase through third-party\r\nvendors but are unsuccessful in obtaining fixed software through\r\ntheir point of sale should acquire upgrades by contacting the Cisco\r\nTechnical Assistance Center (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to\r\na free upgrade. Free upgrades for non-contract customers must be\r\nrequested through the TAC.\r\n\r\nRefer to http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized \r\ntelephone numbers, and instructions and e-mail addresses for use in \r\nvarious languages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThe Cisco PSIRT is not aware of any public announcements or malicious\r\nuse of the vulnerability described in this advisory.\r\n\r\nThese vulnerabilities were found during internal testing.\r\n\r\nStatus of this Notice: FINAL\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY\r\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that\r\nomits the distribution URL in the following section is an\r\nuncontrolled copy, and may lack important information or contain\r\nfactual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at :\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice\r\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\r\nfollowing e-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on\r\nmailing lists or newsgroups. Users concerned about this problem are\r\nencouraged to check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+-------------------------------------------------------------------+\r\n| Revision 1.0 | 2009-February-25 | Initial public release |\r\n+-------------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities in Cisco\r\nproducts, obtaining assistance with security incidents, and\r\nregistering to receive security information from Cisco, is available\r\non Cisco's worldwide website at \r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\r\nThis includes instructions for press inquiries regarding Cisco \r\nsecurity notices. All Cisco security advisories are available at \r\nhttp://www.cisco.com/go/psirt\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.8 (Darwin)\r\n\r\niEYEARECAAYFAkmlbsoACgkQ86n/Gc8U/uA9egCgiM1YYI9hZhS8iZ5kbEw6vxaq\r\ngM8AnjpFAJaZ/RK593w/5j/mRHxjkLVo\r\n=rWBu\r\n-----END PGP SIGNATURE-----", "modified": "2009-02-26T00:00:00", "published": "2009-02-26T00:00:00", "id": "SECURITYVULNS:DOC:21399", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21399", "title": "Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Cisco ACE Application Control Engine Device\r\nManager and Application Networking Manager Vulnerabilities\r\n\r\nAdvisory ID: cisco-sa-20090225-anm\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 February 25 1600 UTC (GMT)\r\n\r\nSummary\r\n=======\r\n\r\nMultiple vulnerabilities exist in the Cisco Application Networking\r\nManager (ANM) and Cisco Application Control Engine (ACE) Device\r\nManager applications. These vulnerabilities are independent of each\r\nother. Successful exploitation of these vulnerabilities may result in\r\nunauthorized system or host operating system access.\r\n\r\nThis security advisory identifies the following vulnerabilities:\r\n\r\n * ACE Device Manager and ANM invalid directory permissions\r\n vulnerability\r\n * ANM default user credentials vulnerability\r\n * ANM MySQL default credentials vulnerability\r\n * ANM Java agent privilege escalation\r\n\r\nCisco has released free software updates that address these\r\nvulnerabilities. A workaround that mitigates one of the issues is\r\navailable.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml.\r\n\r\nNote: This advisory is being released simultaneously with a multiple\r\nvulnerabilities advisory impacting the ACE appliance and module\r\nsoftware, which is posted at\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml.\r\n\r\nAffected Products\r\n=================\r\n\r\nVulnerable Products\r\n- -------------------\r\n\r\nThe following are the products and versions affected by each\r\nvulnerability described within this advisory.\r\n\r\n+---------------------------------------+\r\n| Vulnerability | Product | Version |\r\n| | Affected | Affected |\r\n|---------------+----------+------------|\r\n| Invalid | ACE | All |\r\n| Directory | Device | versions |\r\n| Permissions | Manager | prior to |\r\n| | | A3(2.1) |\r\n|---------------+----------+------------|\r\n| Invalid | | All |\r\n| Directory | ANM | versions |\r\n| Permissions | | prior to |\r\n| | | ANM 2.0 |\r\n|---------------+----------+------------|\r\n| | | All |\r\n| Default User | ANM | versions |\r\n| Credentials | | prior to |\r\n| | | ANM 2.0 |\r\n|---------------+----------+------------|\r\n| | | All |\r\n| MySQL Default | ANM | versions |\r\n| Credentials | | prior to |\r\n| | | ANM 2.0 |\r\n|---------------+----------+------------|\r\n| | | All |\r\n| Java Agent | | versions |\r\n| Privilege | ANM | prior to |\r\n| Escalation | | ANM 2.0 |\r\n| | | Update A |\r\n+---------------------------------------+\r\n\r\nDetermining ACE Device Manager Software Version\r\n+----------------------------------------------\r\n\r\nThe ACE Device Manager is embedded with the ACE appliance software.\r\n\r\nTo display the version of system software that is currently running\r\non the device, use the "show version" command. The following example\r\nincludes the output of the "show version" command on a Cisco ACE\r\nappliance running software version A3(2.1):\r\n\r\n ACE-4710/Admin# show version\r\n Cisco Application Control Software (ACSW)\r\n TAC support: http://www.cisco.com/tac\r\n Copyright (c) 1985-2008 by Cisco Systems, Inc. All rights reserved.\r\n The copyrights to certain works contained herein are owned by\r\n other third parties and are used and distributed under license.\r\n Some parts of this software are covered under the GNU Public\r\n License. A copy of the license is available at\r\n http://www.gnu.org/licenses/gpl.html.\r\n\r\n Software\r\n loader: Version 0.95\r\n system: Version A3(2.1) [build 3.0(0)A3(2.1)\r\nadbuild_14:33:29-2008/11/19_/auto/adbu-rel4/rel_a3_2_1_throttle_build/REL_3_0_0_A3_2_1]\r\n system image file: (nd)/192.168.65.32/scimitar.bin\r\n Device Manager version 1.1 (0) 20081113:2052\r\n ---\r\n\r\nDetermining ANM Software Version\r\n+-------------------------------\r\n\r\nTo display the version of ANM software that is currently installed,\r\nlogin to the ANM server and select the "About" keyword in the upper\r\nright. An informational pop up window will be displayed. ANM Version 2.0\r\nUpdate A is indicated in the example output below.\r\n\r\n Version: 2.0(0), Update: A\r\n Build Number: 709\r\n Build Timestamp: 20081031:1226\r\n\r\nProducts Confirmed Not Vulnerable\r\n- ---------------------------------\r\n\r\nThe Cisco ACE XML Gateway, Cisco ACE GSS (Global Site Selector) 4400\r\nSeries and Cisco ACE Web Application Firewall are not affected by any of\r\nthese vulnerabilities.\r\n\r\nNo other Cisco products are currently known to be affected by these\r\nvulnerabilities.\r\n\r\nDetails\r\n=======\r\n\r\nANM is a network management application that manages Cisco ACE modules\r\nor appliances. ANM is installed on customer provided servers with a Red\r\nHat Enterprise Linux operating system. The ACE Device Manager provides\r\na browser-based interface for configuring and managing a single ACE\r\nappliance. The ACE Device Manager resides in flash memory on the ACE\r\nappliance. Multiple vulnerabilities exist in ANM and one in the ACE\r\nDevice Manager products. The following details are provided for each\r\nvulnerability addressed in this security advisory.\r\n\r\nInvalid Directory Permissions\r\n+----------------------------\r\n\r\nVersions of the Cisco ACE Device Manager prior to software version\r\nA3(2.1) and Cisco ANM prior software version ANM 2.0 contain directory\r\ntraversal vulnerabilities. These vulnerabilities could allow\r\nunauthorized access to ACE operating system and host operating system\r\nfiles. To exploit these vulnerabilities authentication is required to\r\ninitially access either product.\r\n\r\nThis vulnerability is documented in the following Cisco Bug IDs:\r\n\r\n * CSCsv66063\r\n * CSCsv70130\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0615.\r\n\r\nDefault User Credentials\r\n+-----------------------\r\n\r\nVersions of Cisco ANM prior to software version ANM 2.0 do not force\r\ncredential changes during installation. If these credentials are left\r\nunchanged, this could allow unauthorized access to the ANM\r\napplication with default user credentials.\r\n\r\nThis vulnerability is documented in the following Cisco Bug ID:\r\n\r\n * CSCsu52724\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0616.\r\n\r\nMySQL Default Credentials\r\n+------------------------\r\n\r\nANM versions prior to ANM 2.0 use a default MySQL root user password\r\nduring installation. The MySQL database is installed by default when\r\nANM is initially installed. This vulnerability can be exploited\r\nremotely with default credential authentication and without end-user\r\ninteraction. Unauthorized access to the database may allow\r\nmodification of system files that could impact the function of ANM or\r\nallow execution of commands on the underlying host operating system.\r\nThe ACE appliance and module device configuration files in the MySQL\r\ndatabase are encrypted.\r\n\r\nThis vulnerability is documented in the following Cisco Bug ID:\r\n\r\n * CSCsu52632\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0617.\r\n\r\nJava Agent Privilege Escalation\r\n+------------------------------\r\n\r\nANM versions prior to ANM 2.0 Update A contain a remotely exploitable\r\nvulnerability that could allow an attacker to view configuration\r\nfiles and modify ANM processes including the capability to stop\r\nservices. Exploitation of this issue could result in system\r\ninformation disclosure or denial of services.\r\n\r\nThis vulnerability is documented in the following Cisco Bug ID:\r\n\r\n * CSCsu73001\r\n\r\nThis vulnerability has been assigned the Common Vulnerability and\r\nExposures (CVE) ID CVE-2009-0618.\r\n\r\nVulnerability Scoring Details\r\n+----------------------------\r\n\r\nCisco has provided scores for the vulnerabilities in this advisory\r\nbased on the Common Vulnerability Scoring System (CVSS). The CVSS\r\nscoring in this Security Advisory is done in accordance with CVSS\r\nversion 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of\r\nthe vulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding\r\nCVSS at:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\n* ACE Device Manager invalid directory permissions (CSCsv66063)\r\n\r\nCVSS Base Score - 9.0\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - Single\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 7.4\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n* ANM invalid directory permissions (CSCsv70130)\r\n\r\nCVSS Base Score - 9.0\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - Single\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 7.4\r\n Exploitability - Functional\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n* ANM default user credentials during installation (CSCsu52724)\r\n\r\nCVSS Base Score - 10.0\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.7\r\n Exploitability - High\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n* ANM embedded MySQL default credentials (CSCsu52632)\r\n\r\nCVSS Base Score - 10.0\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Complete\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 8.7\r\n Exploitability - High\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\n* ANM Java agent privilege escalation (CSCsu73001)\r\n\r\nCVSS Base Score - 8.5\r\n Access Vector - Network\r\n Access Complexity - Low\r\n Authentication - None\r\n Confidentiality Impact - Partial\r\n Integrity Impact - None\r\n Availability Impact - Complete\r\n\r\nCVSS Temporal Score - 7.4\r\n Exploitability - High\r\n Remediation Level - Official-Fix\r\n Report Confidence - Confirmed\r\n\r\nImpact\r\n======\r\n\r\nSuccessful exploitation of the ACE Device Manager and ANM invalid\r\ndirectory permission vulnerabilities may allow unauthorized access to\r\nview or modify the ACE Device Manager or ANM file system, including host\r\noperating system files. Modification of some system files could result\r\nin a denial of service condition.\r\n\r\nExploitation of the ANM default user credential and ANM MySQL database\r\ndefault credential vulnerabilities may allow an attacker to gain\r\nunauthorized system access. Modification of ANM settings with the\r\ndefault user credentials could result in a denial of service condition.\r\nUnauthorized access to the MySQL database may allow modification of\r\nsystem files that could impact the function of ANM or allow execution of\r\ncommands on the underlying host operating system.\r\n\r\nSuccessful exploitation of the ANM privilege escalation vulnerability\r\nmay result in unauthorized remote access to system processes and\r\nservices with the ability to modify. Modification of these services\r\ncould result in a denial of service condition.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nWhen considering software upgrades, also consult\r\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\r\nexposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should exercise caution to be certain the\r\ndevices to be upgraded contain sufficient memory and that current\r\nhardware and software configurations will continue to be supported\r\nproperly by the new release. If the information is not clear, contact\r\nthe Cisco Technical Assistance Center (TAC) or your contracted\r\nmaintenance provider for assistance.\r\n\r\nEach row of the following software table identifies the earliest\r\npossible software release that contains the fix listed in the "First\r\nFixed Release" column of the table. The "Recommended Release"\r\ncolumn indicates the release which have fixes for all the published\r\nvulnerabilities at the time of this Advisory.\r\n\r\n+---------------------------------------+\r\n| | First | Recommended |\r\n| Vulnerability | Fixed | Release |\r\n| | Release | |\r\n|---------------+---------+-------------|\r\n| ACE Device | | |\r\n| Manager | | |\r\n| Invalid | A3(2.1) | A3(2.1) |\r\n| Directory | | |\r\n| Permissions | | |\r\n|---------------+---------+-------------|\r\n| ANM Invalid | | ANM 2.0 |\r\n| Directory | ANM 2.0 | Update A |\r\n| Permissions | | |\r\n|---------------+---------+-------------|\r\n| ANM Default | | ANM 2.0 |\r\n| User | ANM 2.0 | Update A |\r\n| Credentials | | |\r\n|---------------+---------+-------------|\r\n| ANM MySQL | | ANM 2.0 |\r\n| Default | ANM 2.0 | Update A |\r\n| Credentials | | |\r\n|---------------+---------+-------------|\r\n| ANM Java | ANM 2.0 | |\r\n| Agent | Update | ANM 2.0 |\r\n| Privilege | A | Update A |\r\n| Escalation | | |\r\n+---------------------------------------+\r\n\r\nANM 2.0 Update A can be downloaded from:\r\n\r\nhttp://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/crypto/3DES/netmgmt/anm/1.2/anm2.0-update-A.bin\r\n\r\nACE Device Manager A3(2.1) can be downloaded from:\r\n\r\nhttp://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/crypto/3DES/ans/DNSS/ace4710/c4710ace-mz.A3_2_1.bin\r\n\r\nWorkarounds\r\n===========\r\n\r\nWhile this Security Advisory describes multiple distinct\r\nvulnerabilities, a workaround exists for only the following\r\nvulnerability.\r\n\r\nANM Default User Credentials\r\n+---------------------------\r\n\r\nThe ANM user "admin" account password may be modified after installation\r\nby following the procedures documented for "Changing the Admin Password"\r\nlocated in the ANM User Guide at:\r\n\r\nhttp://www.cisco.com/en/US/docs/net_mgmt/application_networking_manager/2.0/user/guide/UG_admin.html#wp1053216\r\n\r\nApplied Mitigation Bulletin\r\n+--------------------------\r\n\r\nAdditional mitigation techniques that can be deployed on Cisco devices\r\nwithin the network are available in the Cisco Applied Mitigation\r\nBulletin companion document for this advisory:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-amb-20090225-anm.shtml\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address these\r\nvulnerabilities. Prior to deploying software, customers should consult\r\ntheir maintenance provider or check the software for feature set\r\ncompatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature\r\nsets they have purchased. By installing, downloading, accessing\r\nor otherwise using such software upgrades, customers agree to be\r\nbound by the terms of Cisco's software license terms found at\r\nhttp://www.cisco.com/en/US/products/prod_warranties_item09186a008088e31f.html,\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\r\nupgrades.\r\n\r\nCustomers with Service Contracts\r\n- --------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through their\r\nregular update channels. For most customers, this means that upgrades\r\nshould be obtained through the Software Center on Cisco's worldwide\r\nwebsite at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n- -------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through prior\r\nor existing agreements with third-party support organizations, such\r\nas Cisco Partners, authorized resellers, or service providers should\r\ncontact that support organization for guidance and assistance with the\r\nappropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or fix\r\nis the most appropriate for use in the intended network before it is\r\ndeployed.\r\n\r\nCustomers without Service Contracts\r\n- -----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco service\r\ncontract, and customers who purchase through third-party vendors but are\r\nunsuccessful in obtaining fixed software through their point of sale\r\nshould acquire upgrades by contacting the Cisco Technical Assistance\r\nCenter (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to a\r\nfree upgrade. Free upgrades for non-contract customers must be requested\r\nthrough the TAC.\r\n\r\nRefer to\r\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThe Cisco PSIRT is not aware of any public announcements or malicious\r\nuse of the vulnerabilities described in this advisory.\r\n\r\nAcknowledgement to the National Australia Bank's Security Assurance team\r\nfor the discovery and reporting of the ACE Device Manager directory\r\npermissions vulnerability.\r\n\r\nThe remaining vulnerabilities were identified through internal testing.\r\n\r\nStatus of this Notice: FINAL\r\n============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY\r\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that omits\r\nthe distribution URL in the following section is an uncontrolled copy,\r\nand may lack important information or contain factual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice is\r\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\r\ne-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on mailing\r\nlists or newsgroups. Users concerned about this problem are encouraged\r\nto check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+------------------------------------------------------------+\r\n| Revision 1.0 | 2009 February 25 | Initial public release |\r\n+------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities in\r\nCisco products, obtaining assistance with security incidents, and\r\nregistering to receive security information from Cisco, is available\r\non Cisco's worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding Cisco security\r\nnotices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n+--------------------------------------------------------------------\r\nCopyright 2008 - 2009 Cisco Systems, Inc. All rights reserved.\r\n+--------------------------------------------------------------------\r\n\r\nUpdated: Feb 25, 2009 Document ID: 109451\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkmlezoACgkQ86n/Gc8U/uAexwCfYI7DnCQWq4XF2Id8o6bO4+zJ\r\na6IAn0r51YyfdsXPFgYII7OPUWLzJHLU\r\n=xUPr\r\n-----END PGP SIGNATURE-----", "modified": "2009-02-26T00:00:00", "published": "2009-02-26T00:00:00", "id": "SECURITYVULNS:DOC:21400", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21400", "title": "Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:57:52", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 33900\r\nCVE(CAN) ID: CVE-2009-0620,CVE-2009-0621,CVE-2009-0622,CVE-2009-0623,CVE-2009-0624,CVE-2009-0625\r\n\r\nCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u548cCisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\u662f\u6570\u636e\u4e2d\u5fc3\u7684\u8d1f\u8f7d\u5747\u8861\u548c\u5e94\u7528\u4ea4\u4ed8\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u9ed8\u8ba4\u7528\u6237\u540d\u548c\u53e3\u4ee4\r\n+------------------------------\r\n\r\nCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u7684A1(8a)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u4f7f\u7528\u9ed8\u8ba4\u7684\u7ba1\u7406\u5458\u3001Web\u7ba1\u7406\u548c\u8bbe\u5907\u7ba1\u7406\u5e10\u53f7\u51ed\u636e\uff1b\u7c7b\u4f3c\u7684\uff0cCisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757A2(1.1)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u4f7f\u7528\u9ed8\u8ba4\u7684\u7ba1\u7406\u5458\u548cWeb\u7ba1\u7406\u51ed\u636e\u3002\u8bbe\u5907\u548c\u6a21\u5757\u5728\u521d\u59cb\u914d\u7f6e\u8fc7\u7a0b\u4e2d\u6ca1\u6709\u63d0\u793a\u7528\u6237\u4fee\u6539\u7cfb\u7edf\u5e10\u53f7\u53e3\u4ee4\uff0c\u77e5\u9053\u8fd9\u4e9b\u5e10\u53f7\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u4fee\u6539\u5e94\u7528\u914d\u7f6e\uff0c\u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b\u8fd8\u53ef\u4ee5\u83b7\u5f97\u5bf9\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u7684\u7528\u6237\u8bbf\u95ee\u3002\r\n \r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5206\u914d\u4e86\u4ee5\u4e0bCVE ID\uff1a\r\n\r\n * Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\uff1aCSCsq43828 - CVE-2009-0620\r\n * Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\uff1aCSCsq43229 - CVE-2009-0621\r\n\r\nCisco 4700\u7cfb\u5217\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u7ba1\u7406\u5668\u7684\u7b2c\u4e09\u4e2a\u5e10\u53f7\u4e5f\u4f7f\u7528\u7684\u9ed8\u8ba4\u7684\u51ed\u636e\u3002\u4ec5\u6709Cisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u624d\u53d7\u8fd9\u4e2a\u6f0f\u6d1e\u5f71\u54cd\u3002\u8fd9\u4e2a\u6f0f\u6d1e\u5728Cisco Bug ID\u4e2d\u8bb0\u5f55\u4e3aCSCsq32379\uff0c\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0621\u3002\r\n\r\n\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\r\n+---------------------------------\r\n\r\nCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907A1(8a)\u4e4b\u524d\u7248\u672c\u548cCisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757A2(1.3)\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6f0f\u6d1e\uff0c\u901a\u8fc7\u8ba4\u8bc1\u7684\u7528\u6237\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u901a\u8fc7\u8bbe\u5907\u7684\u547d\u4ee4\u884c\u63a5\u53e3\u8c03\u7528\u7ba1\u7406\u547d\u4ee4\u3002 \r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\uff1aCSCsq48546\r\n * Cisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\uff1aCSCsq09839\r\n\r\n\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0622\u3002\r\n\r\n\u7279\u5236SSH\u62a5\u6587\u6f0f\u6d1e\r\n+-------------------------------\r\n\r\nCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u7684A3(2.1)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u548cCisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\u7684A2(1.3)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684SSH\u62a5\u6587\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u8bbe\u5907\u91cd\u8f7d\u3002\r\n \r\n\u6ce8\u91ca\uff1a\u53d7\u5f71\u54cd\u8bbe\u5907\u4e0a\u5fc5\u987b\u914d\u7f6e\u4e86SSH\u8bbf\u95ee\u624d\u53d7\u6f0f\u6d1e\u5f71\u54cd\uff0cSSH\u8bbf\u95ee\u4e0d\u662f\u9ed8\u8ba4\u542f\u7528\u7684\u3002\u65e0\u9700\u5b8c\u6210\u5b8c\u6574\u7684TCP\u4e09\u91cd\u63e1\u624b\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\u7684\u5f71\u54cd\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\uff1aCSCsv01877 \r\n * Cisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\uff1aCSCsv01738\r\n\r\n\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0623\u3002\r\n\r\n\u7279\u5236SNMPv2c\u62a5\u6587\u6f0f\u6d1e\r\n+-----------------------------------\r\n\r\nCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u7684A3(2.1)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u548cCisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\u7684A2(1.3)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u5b58\u5728\u6f0f\u6d1e\uff0c\u901a\u8fc7\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7279\u5236\u7684SNMPv1\u62a5\u6587\u5bfc\u81f4\u91cd\u8f7d\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\uff1aCSCsu36038\r\n * Cisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\uff1aCSCsu47876 \r\n\r\n\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0624\u3002\r\n\r\n\u7279\u5236SNMPv3\u62a5\u6587\u6f0f\u6d1e\r\n+----------------------------------\r\n\r\nCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\u7684A1(8.0)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u548cCisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\u7684A2(1.2)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u5b58\u5728\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u8bbe\u5907\u53d1\u9001\u7279\u5236\u7684SNMPv3\u62a5\u6587\u5bfc\u81f4\u91cd\u8f7d\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\uff1aCSCsq45432\r\n * Cisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u8bbe\u5907\uff1aCSCso83126\r\n\r\n\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0625\u3002\r\n\n\nCisco ACE 4710 A3\r\nCisco ACE 4710 A1\r\nCisco ACE Module A2\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n\u9ed8\u8ba4\u7528\u6237\u540d\u548c\u53e3\u4ee4\r\n+------------------------------\r\n\r\n\u5982\u679c\u8981\u66f4\u6539\u9ed8\u8ba4\u7684\u7ba1\u7406\u53e3\u4ee4\uff0c\u4ee5\u914d\u7f6e\u6a21\u5f0f\u4f7f\u7528username\u547d\u4ee4\uff0c\u8be5\u547d\u4ee4\u53e5\u6cd5\u5982\u4e0b\uff1a\r\n\r\n username admin [password [0 | 5] {password}]\r\n\r\n\u7279\u5236SSH\u62a5\u6587\u6f0f\u6d1e\r\n+------------------------------\r\n\r\n\u53ef\u901a\u8fc7\u4f7f\u7528\u7c7b\u6620\u5c04\u3001\u7b56\u7565\u6620\u5c04\u548c\u670d\u52a1\u7b56\u7565\u63a7\u5236ACE\u6240\u63a5\u6536\u5230\u7684SSH\u7ba1\u7406\u901a\u8baf\u3002\r\n\r\n\u4ee5\u4e0b\u793a\u4f8b\u663e\u793a\u5982\u4f55\u4ec5\u5141\u8bb8\u6765\u81ea192.168.100.1\u7684\u4e3b\u673aSSH\u8bbf\u95eeACE\uff1a\r\n\r\n !-- Configure a class to allow SSH from the trusted source\r\n !\r\n\r\n class-map type management match-all Permit_SSH_Class\r\n description Allow SSH from trusted sources Class\r\n match protocol ssh source-address 192.168.100.1 255.255.255.255\r\n\r\n !\r\n !-- Configure a management policy that allows ssh from the\r\n !--trusted source configured in the above class\r\n !\r\n\r\n policy-map type management first-match Permit_SSH_Policy\r\n description Allow SSH from trusted sources Policy\r\n class Permit_SSH_Class\r\n permit\r\n\r\n !\r\n !-- Apply the management policy globally\r\n !\r\n\r\n service-policy input Permit_SSH_Policy\r\n\r\n\u7279\u5236SNMPv2\u548cSNMPv3\u62a5\u6587\u6f0f\u6d1e\r\n+------------------------------\r\n\r\n\u53ef\u901a\u8fc7\u4f7f\u7528\u7c7b\u6620\u5c04\u3001\u7b56\u7565\u6620\u5c04\u548c\u670d\u52a1\u7b56\u7565\u63a7\u5236ACE\u6240\u63a5\u6536\u5230\u7684SNMP\u7ba1\u7406\u901a\u8baf\u3002\r\n \r\n !-- Configure a class to allow SNMP from the trusted source\r\n !\r\n\r\n class-map type management match-all Permit_SNMP_Class\r\n description Allow SNMP from trusted sources Class\r\n 2 match protocol snmp source-address 192.168.100.1 255.255.255.255\r\n\r\n\r\n !\r\n !-- Configure a management policy that allows snmp from the\r\n !--trusted source configured in the above class\r\n !\r\n\r\n policy-map type management first-match Permit_SNMP_Policy\r\n description Allow SNMP from trusted sources Policy\r\n class Permit_SNMP_Class\r\n permit\r\n\r\n !-- Apply the management policy globally\r\n !\r\n\r\n service-policy input Permit_SNMP_Policy\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nCisco\r\n-----\r\nCisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20090225-ace\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\ncisco-sa-20090225-ace\uff1aMultiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine\r\n\u94fe\u63a5\uff1a<a href=http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml target=_blank rel=external nofollow>http://www.cisco.com/warp/public/707/cisco-sa-20090225-ace.shtml</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289 target=_blank rel=external nofollow>http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289</a>\r\n<a href=http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179 target=_blank rel=external nofollow>http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179</a>", "modified": "2009-02-26T00:00:00", "published": "2009-02-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4836", "id": "SSV:4836", "title": "Cisco ACE\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u6a21\u5757\u548cCisco ACE 4710\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:57:55", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 33903\r\nCVE(CAN) ID: CVE-2009-0615,CVE-2009-0616,CVE-2009-0617,CVE-2009-0618\r\n\r\nCisco\u5e94\u7528\u8054\u7f51\u7ba1\u7406\u5668\uff08ANM\uff09\u662f\u7528\u4e8e\u7ba1\u7406Cisco\u5e94\u7528\u63a7\u5236\u5f15\u64ce\uff08ACE\uff09\u6a21\u5757\u6216\u8bbe\u5907\u7684\u7f51\u7edc\u7ba1\u7406\u5e94\u7528\uff0c\u5b89\u88c5\u5728Red Hat Enterprise Linux\u64cd\u4f5c\u7cfb\u7edf\u7684\u5ba2\u6237\u670d\u52a1\u5668\u4e0a\uff1bACE\u8bbe\u5907\u7ba1\u7406\u5668\u4f4d\u4e8eACE\u8bbe\u5907\u7684\u95ea\u5b58\u4e2d\uff0c\u63d0\u4f9b\u4e86\u7528\u4e8e\u914d\u7f6e\u548c\u7ba1\u7406\u5355\u4e2aACE\u8bbe\u5907\u7684\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u63a5\u53e3\u3002\r\n\r\nANM\u4e2d\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\uff0cACE\u8bbe\u5907\u7ba1\u7406\u5668\u4ea7\u54c1\u4e2d\u5b58\u5728\u4e00\u4e2a\u6f0f\u6d1e\uff0c\u4ee5\u4e0b\u662f\u672c\u6587\u6240\u8ff0\u6bcf\u4e2a\u6f0f\u6d1e\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\r\n\r\n\u65e0\u6548\u76ee\u5f55\u6743\u9650\r\n+----------------------------\r\n\r\nCisco ACE\u8bbe\u5907\u7ba1\u7406\u5668\u7684A3(2.1)\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u548cCisco ANM\u7684ANM 2.0\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5141\u8bb8\u975e\u6388\u6743\u8bbf\u95eeACE\u64cd\u4f5c\u7cfb\u7edf\u548c\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u6587\u4ef6\u3002\u5982\u679c\u8981\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\uff0c\u5fc5\u987b\u9996\u5148\u901a\u8fc7\u8ba4\u8bc1\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * CSCsv66063\r\n * CSCsv70130\r\n\r\n\u4e3a\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0615\u3002\r\n\r\n\u9ed8\u8ba4\u7528\u6237\u51ed\u636e\r\n+----------------------------\r\n\r\nCisco ANM\u7684ANM 2.0\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u5728\u5b89\u88c5\u671f\u95f4\u6ca1\u6709\u5f3a\u5236\u66f4\u6539\u51ed\u636e\u3002\u5982\u679c\u8fd9\u4e9b\u51ed\u636e\u672a\u7ecf\u66f4\u6539\uff0c\u5c31\u53ef\u80fd\u5141\u8bb8\u901a\u8fc7\u9ed8\u8ba4\u7684\u7528\u6237\u51ed\u636e\u975e\u6388\u6743\u8bbf\u95eeANM\u5e94\u7528\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * CSCsu52724\r\n\r\n\u4e3a\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0616\u3002\r\n\r\nMySQL\u9ed8\u8ba4\u51ed\u636e\r\n+----------------------------\r\n\r\nANM\u7684ANM 2.0\u4e4b\u524d\u7248\u672c\u5728\u5b89\u88c5\u671f\u95f4\u4f7f\u7528\u9ed8\u8ba4\u7684MySQL root\u7528\u6237\u53e3\u4ee4\u3002MySQL\u6570\u636e\u5e93\u662f\u5728\u521d\u59cb\u5b89\u88c5ANM\u65f6\u9ed8\u8ba4\u5b89\u88c5\u7684\u3002\u53ef\u65e0\u9700\u6700\u7ec8\u7528\u6237\u4ea4\u4e92\u901a\u8fc7\u9ed8\u8ba4\u7684\u51ed\u636e\u8ba4\u8bc1\u8fdc\u7a0b\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u3002\u975e\u6388\u6743\u8bbf\u95ee\u6570\u636e\u5e93\u53ef\u80fd\u5141\u8bb8\u4fee\u6539\u7cfb\u7edf\u6587\u4ef6\uff0c\u5f71\u54cdANM\u7684\u529f\u80fd\uff0c\u6216\u5728\u57fa\u7840\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002MySQL\u6570\u636e\u5e93\u4e2d\u7684ACE\u8bbe\u5907\u548c\u6a21\u5757\u8bbe\u5907\u914d\u7f6e\u6587\u4ef6\u662f\u52a0\u5bc6\u7684\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * CSCsu52632\r\n\r\n\u4e3a\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0617\u3002\r\n\r\nJava\u4ee3\u7406\u6743\u9650\u63d0\u5347\r\n+----------------------------\r\n\r\nANM\u7684ANM 2.0 Update A\u4e4b\u524d\u8f6f\u4ef6\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u53ef\u5229\u7528\u7684\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u67e5\u770b\u914d\u7f6e\u6587\u4ef6\u548c\u4fee\u6539ANM\u8fdb\u7a0b\uff0c\u5305\u62ec\u7ec8\u6b62\u670d\u52a1\u3002\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u53ef\u80fd\u5bfc\u81f4\u7cfb\u7edf\u4fe1\u606f\u6cc4\u9732\u6216\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u4ee5\u4e0bCisco Bug ID\u8bb0\u5f55\u4e86\u8fd9\u4e2a\u6f0f\u6d1e\uff1a\r\n\r\n * CSCsu73001\r\n\r\n\u4e3a\u8fd9\u4e2a\u6f0f\u6d1e\u6240\u5206\u914d\u7684CVE ID\u4e3aCVE-2009-0618\u3002\r\n\n\nCisco ACE\u8bbe\u5907\u7ba1\u7406\u5668 < A3(2.1)\r\nCisco ANM 1.2\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5728\u5b89\u88c5\u540e\u4fee\u6539ANM\u7528\u6237admin\u5e10\u53f7\u53e3\u4ee4\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nCisco\r\n-----\r\nCisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20090225-anm\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\ncisco-sa-20090225-anm\uff1aCisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities\r\n\u94fe\u63a5\uff1a<a href=http://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml target=_blank rel=external nofollow>http://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml</a>\r\n\r\n\u8865\u4e01\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/crypto/3DES/netmgmt/anm/1.2/anm2.0-update-A.bin target=_blank rel=external nofollow>http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/crypto/3DES/netmgmt/anm/1.2/anm2.0-update-A.bin</a>\r\n<a href=http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/crypto/3DES/ans/DNSS/ace4710/c4710ace-mz.A3_2_1.bin target=_blank rel=external nofollow>http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=/cisco/crypto/3DES/ans/DNSS/ace4710/c4710ace-mz.A3_2_1.bin</a>", "modified": "2009-02-26T00:00:00", "published": "2009-02-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4837", "id": "SSV:4837", "title": "Cisco\u5e94\u7528\u8054\u7f51\u7ba1\u7406\u5668\u548c\u5e94\u7528\u63a7\u5236\u5f15\u64ce\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "cve": [{"lastseen": "2016-09-03T12:06:44", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).", "modified": "2009-02-27T00:00:00", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0622", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0622", "type": "cve", "title": "CVE-2009-0622", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:47", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.", "modified": "2009-03-03T02:04:50", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0625", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0625", "type": "cve", "title": "CVE-2009-0625", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:39", "bulletinFamily": "NVD", "description": "Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.", "modified": "2009-03-03T02:04:49", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0617", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0617", "type": "cve", "title": "CVE-2009-0617", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:44", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.", "modified": "2009-06-19T00:00:00", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0623", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0623", "type": "cve", "title": "CVE-2009-0623", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:36", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to \"invalid directory permissions.\"", "modified": "2009-03-03T02:04:48", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0615", "type": "cve", "title": "CVE-2009-0615", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:41", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files.", "modified": "2009-03-03T02:04:49", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0618", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0618", "type": "cve", "title": "CVE-2009-0618", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:43", "bulletinFamily": "NVD", "description": "Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.", "modified": "2009-02-27T00:00:00", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0620", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0620", "type": "cve", "title": "CVE-2009-0620", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:44", "bulletinFamily": "NVD", "description": "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.", "modified": "2009-02-27T00:00:00", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0621", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0621", "type": "cve", "title": "CVE-2009-0621", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:38", "bulletinFamily": "NVD", "description": "Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to \"default user credentials during installation.\"", "modified": "2009-03-03T02:04:49", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0616", "type": "cve", "title": "CVE-2009-0616", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-03T12:06:46", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.", "modified": "2009-03-03T02:04:50", "published": "2009-02-26T11:17:20", "id": "CVE-2009-0624", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0624", "type": "cve", "title": "CVE-2009-0624", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-12-04T11:28:15", "bulletinFamily": "scanner", "description": "The remote host is missing an update to git-core\nannounced via advisory USN-723-1.", "modified": "2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64168", "id": "OPENVAS:64168", "title": "Ubuntu USN-723-1 (git-core)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_723_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_723_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-723-1 (git-core)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n git-core 1.1.3-1ubuntu1.1\n\nUbuntu 7.10:\n git-core 1:1.5.2.5-2ubuntu0.1\n gitweb 1:1.5.2.5-2ubuntu0.1\n\nUbuntu 8.04 LTS:\n git-core 1:1.5.4.3-1ubuntu2.1\n gitweb 1:1.5.4.3-1ubuntu2.1\n\nUbuntu 8.10:\n git-core 1:1.5.6.3-1.1ubuntu2.1\n gitweb 1:1.5.6.3-1.1ubuntu2.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-723-1\";\n\ntag_insight = \"It was discovered that Git did not properly handle long file paths. If a user\nwere tricked into performing commands on a specially crafted Git repository, an\nattacker could possibly execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2008-3546)\n\nIt was discovered that the Git web interface (gitweb) did not correctly handle\nshell metacharacters when processing certain commands. A remote attacker could\nsend specially crafted commands to the Git server and execute arbitrary code\nwith the privileges of the Git web server. This issue only applied to Ubuntu\n7.10 and 8.04 LTS. (CVE-2008-5516, CVE-2008-5517)\n\nIt was discovered that the Git web interface (gitweb) did not properly restrict\nthe diff.external configuration parameter. A local attacker could exploit this\nissue and execute arbitrary code with the privileges of the Git web server.\nThis issue only applied to Ubuntu 8.04 LTS and 8.10. (CVE-2008-5916)\";\ntag_summary = \"The remote host is missing an update to git-core\nannounced via advisory USN-723-1.\";\n\n \n\n\nif(description)\n{\n script_id(64168);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-3546\", \"CVE-2008-5516\", \"CVE-2008-5517\", \"CVE-2008-5916\", \"CVE-2008-3974\", \"CVE-2009-0318\", \"CVE-2008-5984\", \"CVE-2009-0352\", \"CVE-2009-0353\", \"CVE-2009-0354\", \"CVE-2009-0355\", \"CVE-2009-0356\", \"CVE-2009-0357\", \"CVE-2009-0358\", \"CVE-2009-0316\", \"CVE-2008-5557\", \"CVE-2008-5658\", \"CVE-2008-5624\", \"CVE-2008-5625\", \"CVE-2008-5985\", \"CVE-2009-0544\", \"CVE-2008-3964\", \"CVE-2008-5907\", \"CVE-2009-0040\", \"CVE-2008-1232\", \"CVE-2008-1947\", \"CVE-2008-2370\", \"CVE-2009-0520\", \"CVE-2008-4810\", \"CVE-2008-3663\", \"CVE-2007-5624\", \"CVE-2008-1360\", \"CVE-2007-5803\", \"CVE-2009-0187\", \"CVE-2007-3698\", \"CVE-2007-3922\", \"CVE-2008-5263\", \"CVE-2009-0615\", \"CVE-2009-0616\", \"CVE-2009-0617\", \"CVE-2009-0618\", \"CVE-2009-0620\", \"CVE-2009-0621\", \"CVE-2009-0622\", \"CVE-2009-0623\", \"CVE-2009-0624\", \"CVE-2009-0625\", \"CVE-2009-0490\", \"CVE-2009-0614\", \"CVE-2009-0542\", \"CVE-2009-0543\", \"CVE-2009-0478\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-723-1 (git-core)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-723-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.1.3-1ubuntu1.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-p4\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.2.5-2ubuntu0.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.4.3-1ubuntu2.1\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-doc\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitk\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-arch\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-email\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-gui\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-svn\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gitweb\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"git-core\", ver:\"1.5.6.3-1.1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.0.1+dfsg1-2.3+lenny0\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.0.1+dfsg1-2.3+lenny0\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-doc\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-basic\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-mod-ldap\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-mod-mysql\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"proftpd-mod-pgsql\", ver:\"1.3.1-17lenny1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-common\", ver:\"2.7.STABLE3-1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid\", ver:\"2.7.STABLE3-1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"squid-cgi\", ver:\"2.7.STABLE3-1ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:20:01", "bulletinFamily": "scanner", "description": "The Cisco Application Control Engine (ACE) software installed on the remote Cisco IOS device is earlier than A3(2.1). It is, therefore, potentially affected by multiple unspecified directory traversals.\nAn authenticated attacker could exploit these to access ACE operating system and host operating system files.", "modified": "2018-11-15T00:00:00", "id": "CISCO-SA-20090225-ANM.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69913", "published": "2013-09-16T00:00:00", "title": "Cisco Application Control Engine < A3(2.1) Multiple Unspecified Traversals (cisco-sa-20090225-anm)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69913);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\"CVE-2009-0615\");\n script_bugtraq_id(33903);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCsv66063\");\n script_xref(name:\"IAVT\", value:\"2009-T-0016\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20090225-anm\");\n\n script_name(english:\"Cisco Application Control Engine < A3(2.1) Multiple Unspecified Traversals (cisco-sa-20090225-anm)\");\n script_summary(english:\"Checks ACE version\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Cisco Application Control Engine (ACE) software installed on the\nremote Cisco IOS device is earlier than A3(2.1). It is, therefore,\npotentially affected by multiple unspecified directory traversals.\nAn authenticated attacker could exploit these to access ACE operating\nsystem and host operating system files.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20090225-anm.html\");\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to Cisco ACE A3(2.1) or later as discussed in Cisco Security\nAdvisory cisco-sa-20090225-anm.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:application_control_engine_device_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/16\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CISCO\");\n\n script_dependencies(\"cisco_ace_version.nasl\");\n script_require_keys(\"Host/Cisco/ACE/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\n\n\nversion = get_kb_item(\"Host/Cisco/ACE/Version\");\nif (isnull(version)) audit(AUDIT_NOT_INST, 'Cisco ACE');\n\n\nif (\n version =~ \"^A[0-2]\\(\" ||\n version =~ \"^A3\\(([01]\\..+|2\\.0)\\)\"\n)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : A3(2.1)' +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco ACE\", version);\n", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}