Vulnslist

find the latest Cisco vulnerabilities

Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability

cisco-sa-20160908-ace · High · Published · Updated

A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incomplete input validation checks in the SSL/TLS code. An attacker could exploit this vulnerability by sending specific SSL/TLS packets to the affected device. An exploit could allow the attacker to trigger a reload of the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-6399
Cisco Bug IDsCSCvb16317
CVSS ScoreBase 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C
Product Names From Source
Cisco ACE Application Control Engine Module, Cisco ACE 4700 Series Application Control Engine Appliances

Related Products

Product CVE Evidence
Cisco ACE 4700 Series Application Control Engine Appliances CVE-2016-6399 Cisco OpenVuln
Cisco ACE Application Control Engine Module CVE-2016-6399 Cisco OpenVuln