Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine

cisco-sa-20100811-ace · High · Published 15 years ago · Updated 15 years ago

Data: Cisco advisories 1 day ago · Cisco CSAF 4 hours ago · NVD CVEs 7 hours ago · NVD CPEs 1 day ago · CISA KEV 1 day ago · EPSS 1 day ago

The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities: Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability Secure Socket Layer (SSL) DoS vulnerability SIP inspection DoS vulnerability Cisco has released free software updates for affected customers. Workarounds that mitigate some of the vulnerabilities are available. Note: These vulnerabilities are independent of each other. A device may be affected by one vulnerability and not affected by another. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100811-ace .

Cisco advisory ·CSAF JSON

Workarounds

No workaround information imported yet.

CVEs	CVE-2010-2822, CVE-2010-2823, CVE-2010-2824, CVE-2010-2825
Cisco Bug IDs	NA
CVSS Score	Base 7.8 Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C/CDP:N/TD:N/CR:ND/IR:ND/AR:ND

Products with public affected evidence

Product	CVE	Affected evidence
Cisco ACE 4700 Series Application Control Engine Appliances	CVE-2010-2825	structured affected CSAF product_status
Cisco ACE 4700 Series Application Control Engine Appliances	CVE-2010-2822	structured affected CSAF product_status
Cisco ACE 4700 Series Application Control Engine Appliances	CVE-2010-2823	structured affected CSAF product_status