Computer Security
[EN] securityvulns.ru no-pyccku


Cisco ACE multiple security vulneraiblities
Published:26.02.2009
Source:
SecurityVulns ID:9700
Type:remote
Threat Level:
7/10
Description:Privilege escalation, default accounts, DoS.
Affected:CISCO : Cisco ACE 4710
CVE:CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.)
 CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.)
 CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.)
 CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).)
 CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.)
 CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access.)
 CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files.)
 CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default MySQL root password, which makes it easier for remote attackers to execute arbitrary operating-system commands or change system files.)
 CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default usernames and passwords, which makes it easier for remote attackers to access the application, or cause a denial of service via configuration changes, related to "default user credentials during installation.")
 CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions.")
Original documentdocumentCISCO, Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities (26.02.2009)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine (26.02.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod