Vulnerabilites related to cisco - ace_4710
CVE-2009-0742 (GCVE-0-2009-0742)
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 21:57
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:51.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2009-0742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0742",
"datePublished": "2009-02-26T16:00:00Z",
"dateReserved": "2009-02-26T00:00:00Z",
"dateUpdated": "2024-09-16T21:57:38.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0621 (GCVE-0-2009-0621)
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-17 01:50
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/33900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T16:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2009-0621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-0621",
"datePublished": "2009-02-26T16:00:00Z",
"dateReserved": "2009-02-18T00:00:00Z",
"dateUpdated": "2024-09-17T01:50:51.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2825 (GCVE-0-2010-2825)
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-17 00:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-13T20:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2010-2825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2825",
"datePublished": "2010-08-13T20:00:00Z",
"dateReserved": "2010-07-23T00:00:00Z",
"dateUpdated": "2024-09-17T00:15:28.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2823 (GCVE-0-2010-2823)
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-17 01:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-13T20:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2010-2823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2823",
"datePublished": "2010-08-13T20:00:00Z",
"dateReserved": "2010-07-23T00:00:00Z",
"dateUpdated": "2024-09-17T01:05:47.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1576 (GCVE-0-2010-1576)
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 01:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/512144/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1024167 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/41315 | vdb-entry, x_refsource_BID | |
| http://www.vsecurity.com/resources/advisory/20100702-1/ | x_refsource_MISC | |
| http://osvdb.org/66092 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1024168 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41315"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "66092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66092"
},
{
"name": "1024168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41315"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "66092",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66092"
},
{
"name": "1024168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2010-1576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100702-1/",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "66092",
"refsource": "OSVDB",
"url": "http://osvdb.org/66092"
},
{
"name": "1024168",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-1576",
"datePublished": "2010-07-06T14:00:00",
"dateReserved": "2010-04-27T00:00:00",
"dateUpdated": "2024-08-07T01:28:41.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2822 (GCVE-0-2010-2822)
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-16 22:56
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-13T20:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2010-2822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-2822",
"datePublished": "2010-08-13T20:00:00Z",
"dateReserved": "2010-07-23T00:00:00Z",
"dateUpdated": "2024-09-16T22:56:55.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0623 (GCVE-0-2009-0623)
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 23:46
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/33900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.126Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T16:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2009-0623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-0623",
"datePublished": "2009-02-26T16:00:00Z",
"dateReserved": "2009-02-18T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:36.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0960 (GCVE-0-2008-0960)
Vulnerability from cvelistv5
Published
2008-06-10 18:00
Modified
2024-08-07 08:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:01:40.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30574"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30574"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2008-0960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"name": "35463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35463"
},
{
"name": "30615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30615"
},
{
"name": "http://support.apple.com/kb/HT2163",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2163"
},
{
"name": "ADV-2008-1787",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"name": "30648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30648"
},
{
"name": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"name": "32664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32664"
},
{
"name": "ADV-2008-1981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name": "ADV-2008-1801",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"name": "SUSE-SA:2008:039",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"name": "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
"refsource": "MLIST",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"name": "31351",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31351"
},
{
"name": "ADV-2008-1788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"name": "FEDORA-2008-5215",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"name": "29623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29623"
},
{
"name": "31334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31334"
},
{
"name": "ADV-2008-2971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "oval:org.mitre.oval:def:10820",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"name": "oval:org.mitre.oval:def:6414",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"name": "30626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30626"
},
{
"name": "SSRT080082",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"name": "HPSBMA02439",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"name": "VU#878044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"name": "30647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30647"
},
{
"name": "238865",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-1836",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"name": "33003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33003"
},
{
"name": "20080610 SNMP Version 3 Authentication Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"name": "ADV-2008-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"name": "31568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31568"
},
{
"name": "31467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31467"
},
{
"name": "APPLE-SA-2008-06-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "DSA-1663",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"name": "TA08-162A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-006.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"name": "RHSA-2008:0528",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"name": "3933",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3933"
},
{
"name": "RHSA-2008:0529",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"name": "30612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30612"
},
{
"name": "30802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30802"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"name": "5790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"name": "ADV-2008-1797",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"name": "GLSA-200808-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"name": "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"name": "30665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30665"
},
{
"name": "FEDORA-2008-5218",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"name": "FEDORA-2008-5224",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"name": "ADV-2008-1800",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"name": "MDVSA-2008:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=833770",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"name": "1020218",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"name": "30596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30596"
},
{
"name": "oval:org.mitre.oval:def:5785",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"name": "ADV-2009-1612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"name": "30574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30574"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-0960",
"datePublished": "2008-06-10T18:00:00",
"dateReserved": "2008-02-25T00:00:00",
"dateUpdated": "2024-08-07T08:01:40.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0622 (GCVE-0-2009-0622)
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 20:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/33900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T16:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2009-0622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-0622",
"datePublished": "2009-02-26T16:00:00Z",
"dateReserved": "2009-02-18T00:00:00Z",
"dateUpdated": "2024-09-16T20:07:30.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2629 (GCVE-0-2010-2629)
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 02:39
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/512144/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1024167 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/41315 | vdb-entry, x_refsource_BID | |
| http://www.vsecurity.com/resources/advisory/20100702-1/ | x_refsource_MISC | |
| http://securitytracker.com/id?1024168 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:39:37.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41315"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "1024168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024168"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41315"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "1024168",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024168"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2010-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"name": "1024167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024167"
},
{
"name": "41315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"name": "http://www.vsecurity.com/resources/advisory/20100702-1/",
"refsource": "MISC",
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"name": "1024168",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024168"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2629",
"datePublished": "2010-07-06T14:00:00",
"dateReserved": "2010-07-06T00:00:00",
"dateUpdated": "2024-08-07T02:39:37.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0624 (GCVE-0-2009-0624)
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 19:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021769 | vdb-entry, x_refsource_SECTRACK | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/33900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021769"
},
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T16:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1021769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021769"
},
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2009-0624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021769"
},
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-0624",
"datePublished": "2009-02-26T16:00:00Z",
"dateReserved": "2009-02-18T00:00:00Z",
"dateUpdated": "2024-09-16T19:10:24.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0625 (GCVE-0-2009-0625)
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 22:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021769 | vdb-entry, x_refsource_SECTRACK | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/33900 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021769"
},
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T16:00:00Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1021769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021769"
},
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33900"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2009-0625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021769"
},
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2009-0625",
"datePublished": "2009-02-26T16:00:00Z",
"dateReserved": "2009-02-18T00:00:00Z",
"dateUpdated": "2024-09-16T22:20:28.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_control_engine_module | * | |
| cisco | application_control_engine_module | 1.0 | |
| cisco | catalyst_6500 | * | |
| cisco | catalyst_7600 | * | |
| cisco | ace_4710 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F61AD2BC-FAE6-40F3-B872-964FD4CEE39E",
"versionEndIncluding": "1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2258512F-36CD-48FF-AAB3-32D6A63959D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D63186-5834-448C-98F2-0C189A11D25D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI)."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Cisco ACE Application Control Engine Module para Catalyst 6500 Switches y 7600 Routers anterior a A2(1.2) y Cisco ACE 4710 Application Control Engine Appliance anterior a A1(8a), permite a usuarios autenticados en remoto ejecutar comandos de su elecci\u00f3n del sistema-operativo a trav\u00e9s de una interfaz de l\u00ednea de comandos (CLI)."
}
],
"evaluatorSolution": "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml\r\n\r\nCisco ACE module software can be downloaded from:\r\n\r\nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289\r\n\r\nCisco ACE 4710 Application Control Engine appliance software can be downloaded from:\r\n\r\nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179",
"id": "CVE-2009-0622",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-26T16:17:20.157",
"references": [
{
"source": "[email protected]",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33900"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | content_services_switch_11500 | * | |
| cisco | content_services_switch_11500 | 8.20.0.01 | |
| cisco | content_services_switch_11500 | 08.20.1.01 | |
| cisco | content_services_switch_11500 | 8.20.1.01 | |
| cisco | content_services_switch_11500 | 8.20.2.01 | |
| cisco | ace_4710 | * | |
| cisco | ace_4710 | a1\(2.0\) | |
| cisco | ace_4710 | a1\(8.0\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522CC12B-058D-4711-8A04-AAC81A460B2B",
"versionEndIncluding": "8.20.3.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "934D3A1C-7723-4250-BC86-5921572AB358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA31CE-19C7-4FDB-8A0A-F1C252EC6146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "545E9F44-A61F-4037-9BDF-5DE7F8E506B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "7241A8A3-C8C8-44CA-990F-BDA47EB75D64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FF387C-79BE-481C-A461-D32DCF421CC1",
"versionEndIncluding": "a3\\(2.5\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "142B1472-4694-436F-85C0-52B6A9CFCA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576."
},
{
"lang": "es",
"value": "Cisco Content Services Switch (CSS) 11500 con software v8.20.4.02 y Application Control Engine (ACE) 4710 con software A2(3.0) no maneja adecuadamente las terminacioens de cabecera LF en situaciones donde la l\u00ednea GET es terminada con CRLF, permitiendo a atacantes remotos llevar a cabo ataques contrabando de peticiones HTTP y probablemente superar la inserci\u00f3n de cabeceras de datos privistas, como qued\u00f3 demostrado por el car\u00e1cter LF entre las cabeceras ClientCert-Subject y ClientCert-Subject-CN. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2010-1576."
}
],
"id": "CVE-2010-2629",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-06T17:17:13.517",
"references": [
{
"source": "[email protected]",
"url": "http://securitytracker.com/id?1024167"
},
{
"source": "[email protected]",
"url": "http://securitytracker.com/id?1024168"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"source": "[email protected]",
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "142B1472-4694-436F-85C0-52B6A9CFCA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F635AF1-AFC0-420A-8227-0B161C9D15CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(2.5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0A2481D0-BEAA-4147-B631-DFEA3E0C441E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la funcionalidad \"deep packet inspection\" de \"Cisco Application Control Engine\" (ACE) 4710 appliance con software anterior a A3(2.6) permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sobrecarga del dispositivo) a trav\u00e9s de paquetes HTTP modificados, relacionado con la inspecci\u00f3n HTTP, RTSP, y SIP. Tambi\u00e9n conocido como Bug ID CSCtb54493."
}
],
"id": "CVE-2010-2823",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-17T05:41:21.520",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_control_engine_module | * | |
| cisco | catalyst_6500 | * | |
| cisco | catalyst_7600 | * | |
| cisco | ace_4710 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B848A4E7-6D42-40EC-9019-0F65BD2FA8D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D63186-5834-448C-98F2-0C189A11D25D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information."
},
{
"lang": "es",
"value": "El comando de nombre de usuario en el modulo Cisco ACE Application Control Engine para los Switches Catalyst 6500 y Routers 7600 y Cisco ACE 4710 Application Control Engine Appliance almacena una contrase\u00f1a por defecto en texto claro, lo que permite a atacantes (dependiendo del contexto) obtener informaci\u00f3n sensible."
}
],
"evaluatorComment": "Note that CVE-2009-0742 is not referenced on the vendor advisory page at:\r\n\r\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
"id": "CVE-2009-0742",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-26T16:17:20.233",
"references": [
{
"source": "[email protected]",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "142B1472-4694-436F-85C0-52B6A9CFCA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F635AF1-AFC0-420A-8227-0B161C9D15CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(2.5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0A2481D0-BEAA-4147-B631-DFEA3E0C441E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "152B69CD-BCC3-42FF-97AC-072BFDA0AF1A",
"versionEndIncluding": "a2\\(3.1.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D63186-5834-448C-98F2-0C189A11D25D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la funcionalidad de inspecci\u00f3n RTSP del m\u00f3dulo \"Cisco Application Control Engine\" (ACE) con software anterior a A2(3.2) de Catalyst 6500 series switches y 7600 series routers, y el \"Cisco Application Control Engine\" (ACE) 4710 appliance con software anterior a A3(2.6), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga del dispositivo) a trav\u00e9s de paquetes RTSP sobre TCP. Tambi\u00e9n conocido como Bug IDs CSCta85227 y CSCtg14858."
}
],
"id": "CVE-2010-2822",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-17T05:41:21.487",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2025-04-11 00:51
Severity ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | content_services_switch_11500 | * | |
| cisco | content_services_switch_11500 | 8.20.0.01 | |
| cisco | content_services_switch_11500 | 08.20.1.01 | |
| cisco | content_services_switch_11500 | 8.20.1.01 | |
| cisco | content_services_switch_11500 | 8.20.2.01 | |
| cisco | ace_4710 | * | |
| cisco | ace_4710 | a1\(2.0\) | |
| cisco | ace_4710 | a1\(8.0\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522CC12B-058D-4711-8A04-AAC81A460B2B",
"versionEndIncluding": "8.20.3.03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "934D3A1C-7723-4250-BC86-5921572AB358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "63BA31CE-19C7-4FDB-8A0A-F1C252EC6146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "545E9F44-A61F-4037-9BDF-5DE7F8E506B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "7241A8A3-C8C8-44CA-990F-BDA47EB75D64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FF387C-79BE-481C-A461-D32DCF421CC1",
"versionEndIncluding": "a3\\(2.5\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "142B1472-4694-436F-85C0-52B6A9CFCA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885."
},
{
"lang": "es",
"value": "El Content Services Switch Cisco (CSS) 11500 con software anterios a v8.20.4.02 y el Application Control Engine (ACE) 4710 con software anterior a vA2(3.0) no gestiona adecuadamente el uso de LF, CR y LFCR como alternativas a la secuencia estandar CRLF entre cabeceras HTTP, lo cual permite a los atacantes remotos evitar las restricciones de inserciones de cabecera HTTP o llevar a cabo ataques de contrabando a trav\u00e9s de cabeceras de datos manipuladas, como lo demuestra el caracter LF precediendo a las cabeceras ClientCert-Subject y ClientCert-Subject-CN, tambi\u00e9n conocido como Bug ID CSCta04885."
}
],
"id": "CVE-2010-1576",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-07-06T17:17:13.233",
"references": [
{
"source": "[email protected]",
"url": "http://osvdb.org/66092"
},
{
"source": "[email protected]",
"url": "http://securitytracker.com/id?1024167"
},
{
"source": "[email protected]",
"url": "http://securitytracker.com/id?1024168"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"source": "[email protected]",
"tags": [
"Exploit"
],
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/512144/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.vsecurity.com/resources/advisory/20100702-1/"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | ace_module | * | |
| cisco | ace_module | * | |
| cisco | ace_module | * | |
| cisco | catalyst_6500 | * | |
| cisco | catalyst_7600 | * | |
| cisco | ace_4710 | * | |
| cisco | ace_4710 | a1\(2.0\) | |
| cisco | ace_4710 | a1\(2.3\) | |
| cisco | ace_4710 | a1\(8.0\) | |
| cisco | ace_4710 | a3\(1.0\) | |
| cisco | ace_4710 | a3\(2.0\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "152B69CD-BCC3-42FF-97AC-072BFDA0AF1A",
"versionEndIncluding": "a2\\(3.1.0\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CD3DD6A-3471-4523-AF1D-EF58E82FF00D",
"versionEndIncluding": "a2\\(3.1.6\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2253DEEB-37A6-491F-A201-9719F29915E7",
"versionEndIncluding": "a2\\(3.2.2.0\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D63186-5834-448C-98F2-0C189A11D25D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "142B1472-4694-436F-85C0-52B6A9CFCA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "571AA77E-280A-4479-8444-4197C3EB0FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2F635AF1-AFC0-420A-8227-0B161C9D15CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en la funcionalidad de inspecci\u00f3n SIP en el m\u00f3dulo \"Cisco Application Control Engine\" (ACE) con software A2(1.x) anterior a A2(1.6), A2(2.x) anterior a A2(2.3), y A2(3.x) anterior a A2(3.1) de Catalyst 6500 series switches y 7600 series routers, y el \"Cisco Application Control Engine\" (ACE) 4710 appliance con software anterior a A3(2.4). Permite a atacantes remotos provocar una denegaci\u00f3n de servicio (sobrecarga del dispositivo) a trav\u00e9s de paquetes SIP modificados sobre (1) TCP o (2) UDP, tambi\u00e9n conocido como Bug IDs CSCta65603 y CSCta71569."
}
],
"id": "CVE-2010-2825",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-08-17T05:41:21.583",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F0D8DA3-2B73-4DE7-933B-23C199B50BD9",
"versionEndIncluding": "a1\\(2.0\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF3BB9E-7AAE-4B04-B5A5-B61FE82AA94F",
"versionEndIncluding": "a2\\(1.1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*",
"matchCriteriaId": "712DA93A-13CE-4E27-84FC-D2ECEEFFD568",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*",
"matchCriteriaId": "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en \"Cisco ACE Application Control Engine Module\" para Switches Catalyst 6500 y routers anteriores A1(v1.2) y Cisco ACE 4710 \"Application Control Engine Appliance\" anteriores A1(8.0), permite a atacantes remotos provocar una denegaci\u00f3n de servicio (recarga de dispositivo) a trav\u00e9s de un paquete SNMPv3 manipulada. \r\n"
}
],
"id": "CVE-2009-0625",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-26T16:17:20.217",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "[email protected]",
"url": "http://www.securitytracker.com/id?1021769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021769"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access."
},
{
"lang": "es",
"value": "Cisco ACE 4710 Application Control Engine Appliance anterior a vA1(8a) utiliza por defecto (1) nombre de usuario y (2) contrase\u00f1as para (a) el administrador (b) gesti\u00f3n Web y (c) gesti\u00f3n de dispositivos, lo que permite f\u00e1cilmente a los atacantes remotos realizar cambios de configuraci\u00f3n, la gesti\u00f3n de los dispositivos y otros componentes, o obtener acceso al sistema operativo."
}
],
"id": "CVE-2009-0621",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-26T16:17:20.140",
"references": [
{
"source": "[email protected]",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33900"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE398278-79E8-4043-9ED3-735775213587",
"versionEndIncluding": "a3\\(2.0\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19E93539-6D77-4D1E-BF77-C35EE2170D4B",
"versionEndIncluding": "a2\\(1.2\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:a2\\(1.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C5EDC4AB-2D1B-4233-A260-9D5521057F09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*",
"matchCriteriaId": "712DA93A-13CE-4E27-84FC-D2ECEEFFD568",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*",
"matchCriteriaId": "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en \"Cisco ACE Application Control Engine Module\" para Catalyst 6500 Switches y 7600 Routers anteriores A2(1.3) y Cisco ACE 4710 Application Control Engine Appliance anteriores a A3(2.1) que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (reinicio del dispositivo) a trav\u00e9s de un paquete SSH manipulado."
}
],
"id": "CVE-2009-0623",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-26T16:17:20.170",
"references": [
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33900"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_control_engine_module | * | |
| cisco | application_control_engine_module | 1.0 | |
| cisco | application_control_engine_module | 1.1 | |
| cisco | catalyst_6500 | * | |
| cisco | catalyst_7600 | * | |
| cisco | ace_4710 | * | |
| cisco | ace_4710 | a1\(2.0\) | |
| cisco | ace_4710 | a1\(8.0\) | |
| cisco | ace_4710 | a3\(1.0\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8CC891-D31C-44D2-BB76-F5ADE15D767C",
"versionEndIncluding": "1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2258512F-36CD-48FF-AAB3-32D6A63959D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:application_control_engine_module:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1331F98-6AB3-4285-BF6E-4DEAADE069D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D63186-5834-448C-98F2-0C189A11D25D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE398278-79E8-4043-9ED3-735775213587",
"versionEndIncluding": "a3\\(2.0\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "142B1472-4694-436F-85C0-52B6A9CFCA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en la implementaci\u00f3n SNMPv2c en Cisco ACE Application Control Engine Module para Catalyst 6500 Switches y 7600 Routers anteriores a A2(1.3) y Cisco ACE 4710 Application Control Engine Appliance anteior a A3(2.1); permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio del dispositivo) a trav\u00e9s de un paquete SNMPv1 manipulado."
}
],
"evaluatorComment": "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml\r\n\r\n\"Note: SNMPv2c must be explicitly configured in an affected device in order to process any SNMPv2c transactions. SNMPv2c is not enabled by default.\"",
"id": "CVE-2009-0624",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-26T16:17:20.187",
"references": [
{
"source": "[email protected]",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "[email protected]",
"url": "http://www.securitytracker.com/id?1021769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021769"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-10 18:32
Modified
2025-04-09 00:30
Severity ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:catos:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAC7FBF-2493-42CA-9B23-20AF09F0DDA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:catos:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE64E4C4-BACE-404F-966D-415976781DC4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:catos:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "377F951F-C2D8-441D-A532-F62E23937F94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:catos:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "34A3A284-36A9-4E8C-815D-6E2FE4C158DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.0:s:*:*:*:*:*:*",
"matchCriteriaId": "A5823F33-7FB3-465B-8017-1866D9EF3AA6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.0:sy:*:*:*:*:*:*",
"matchCriteriaId": "94870E9E-C883-4051-8854-CDE0AE7A64B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.1:e:*:*:*:*:*:*",
"matchCriteriaId": "85C2FF9C-7730-4DBF-8C86-1EF0F1E71D8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:ewa:*:*:*:*:*:*",
"matchCriteriaId": "4A4AFC06-85C5-4AD0-A409-27F9AF398D7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:jk:*:*:*:*:*:*",
"matchCriteriaId": "EB593071-BB5A-47AD-B9C6-59D2010F6280",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sb:*:*:*:*:*:*",
"matchCriteriaId": "74382B2D-E9A6-453D-9C07-F959EAB4C075",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sg:*:*:*:*:*:*",
"matchCriteriaId": "B3D93383-BD5A-4052-B724-055F6FCFC314",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sga:*:*:*:*:*:*",
"matchCriteriaId": "6B1E3C39-163D-4A99-AC96-2EE388305000",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sra:*:*:*:*:*:*",
"matchCriteriaId": "90710000-F963-4F36-9EE1-C3CE1CECDCA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:srb:*:*:*:*:*:*",
"matchCriteriaId": "5F4F8B9E-B2AB-4545-8ACF-8F03E636E842",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:src:*:*:*:*:*:*",
"matchCriteriaId": "6E2D6402-D2AF-4817-8A46-1FA9B17B720C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sxb:*:*:*:*:*:*",
"matchCriteriaId": "79BB5494-735D-424B-8B41-2FAECE1A7AD4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sxd:*:*:*:*:*:*",
"matchCriteriaId": "FD6178BC-9741-4FC1-87DA-A5407B3A4F40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:sxf:*:*:*:*:*:*",
"matchCriteriaId": "2A419BD7-6345-43D8-B69C-2255E2EF6FD7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:zl:*:*:*:*:*:*",
"matchCriteriaId": "B472DEEE-148A-46B4-BCBC-0A9F62F38B31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.2:zy:*:*:*:*:*:*",
"matchCriteriaId": "23305EBA-11D5-417E-823E-39D0D052839D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8D0F64-5DE1-4A6F-91F0-8A8509BF077F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:b:*:*:*:*:*:*",
"matchCriteriaId": "95418AD2-FB85-4E20-B874-D82DDF88BC91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:ja:*:*:*:*:*:*",
"matchCriteriaId": "14D1B81D-95E4-4945-94F2-C36FD7C0DC55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jeb:*:*:*:*:*:*",
"matchCriteriaId": "452FF154-F6C0-4BC4-969E-1D49AA3CCE49",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jk:*:*:*:*:*:*",
"matchCriteriaId": "3AB6C57C-8805-443F-8ACE-83DAA48878CA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jl:*:*:*:*:*:*",
"matchCriteriaId": "554C9611-55F1-40AF-9862-7E902D5CE1D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:jx:*:*:*:*:*:*",
"matchCriteriaId": "F89C185A-D3B3-4F5F-9249-F8EE89E8DD04",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:t:*:*:*:*:*:*",
"matchCriteriaId": "EEB0B55E-3579-4929-862F-C5FF9F796AE1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xa:*:*:*:*:*:*",
"matchCriteriaId": "8E8E34D3-0BCB-4D19-A41C-0375941E1B21",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xg:*:*:*:*:*:*",
"matchCriteriaId": "09CBD68E-2A5C-43DF-9AD6-DE07815821B3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xi:*:*:*:*:*:*",
"matchCriteriaId": "01393D91-ED1D-460D-8621-10260F0CBDD0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xk:*:*:*:*:*:*",
"matchCriteriaId": "8AB2FF53-5991-4264-B5CC-D1E45460BFCE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:xr:*:*:*:*:*:*",
"matchCriteriaId": "1A1FAF42-B7B1-40B0-A0F7-5DF821E6193F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yf:*:*:*:*:*:*",
"matchCriteriaId": "1BE94EA2-E0CC-4760-94A8-DE56C8181F74",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yi:*:*:*:*:*:*",
"matchCriteriaId": "929836AD-8128-4174-872D-B9638B54611C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yt:*:*:*:*:*:*",
"matchCriteriaId": "5ED5B53D-930D-477E-A0F6-76167AE67641",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.3:yx:*:*:*:*:*:*",
"matchCriteriaId": "84983F6A-64F6-4720-9291-FC84CA10EE25",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A60117-E4D1-4741-98A2-E643A26616A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:t:*:*:*:*:*:*",
"matchCriteriaId": "156B91B9-1F5B-4E83-A2B7-A5B7F272D5B1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xa:*:*:*:*:*:*",
"matchCriteriaId": "C9E90E83-1732-4BEF-BC5B-401769DC8880",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xc:*:*:*:*:*:*",
"matchCriteriaId": "51679B26-DF28-4E41-9801-E1599F250FFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xd:*:*:*:*:*:*",
"matchCriteriaId": "E989900F-BE66-47E4-9A1B-11B9785F89BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xe:*:*:*:*:*:*",
"matchCriteriaId": "95A01B7E-8231-4001-A340-31CE66474FDA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xj:*:*:*:*:*:*",
"matchCriteriaId": "3CC62D3B-A287-4DED-A44D-3351452D4A55",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:cisco_ios:12.4:xw:*:*:*:*:*:*",
"matchCriteriaId": "687E91FF-957E-449F-BDD6-85AA59E1E0D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "79528F96-FD42-4A76-82EE-4B1324D53B5F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D626B494-6210-4F74-8D17-BA480B6665C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82B6315D-7BEF-419F-9B93-3CF669E986D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33CCFFC6-9D26-4C39-AF76-0B8FCDE743CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FB31FAC-D720-4BF1-BFCC-0A9B714E292A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "904CA41E-8168-41DE-AE84-941962A7BB71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D69F8FA-D58A-4F53-86D8-A20C73E9B299",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD331C50-DB93-4001-B56A-C1012F894CDF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75538529-611A-43B5-AC4D-089C4E2E2ACC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F992D03D-1DB8-44C1-B59D-1C09A32A2C91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7A8BC298-4AF9-4281-9AD9-0D8F621E46B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:ios_xr:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F2FE436B-2117-4FB4-B550-8454848D1D58",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:nx_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69D2BD63-C110-4E89-B239-4A59E20AB78E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:nx_os:4.0.1:a:*:*:*:*:*:*",
"matchCriteriaId": "43E5FFB6-861D-4F91-B3C9-C5E57DDD25C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:cisco:nx_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD3BD3D-767D-483D-9FFE-D23AA2E228E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6762126F-55E4-4963-99F5-206A46979E7C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1945B97A-8276-4EE2-8F76-5F0C0956DF18",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8CA81F-2AB6-45F8-8AAE-BF6A7EDA73D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2452913-0513-46BB-A52E-8FA12D77B570",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:ecos_sourceware:ecos:2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "5D967624-23B1-48BB-91DB-1E1C18AAAD85",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18CCF3B9-CA7D-4D37-BD2C-1B74586B98A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A0AB8C2-EE95-48AA-98B7-B6ED40494A0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77930529-89BE-463D-8259-3D67D153284A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "743DEB17-3BE3-4278-A54B-2CE547DB9F31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCAF8C2-0E4E-4474-BD1E-F28A6EAEF8F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BCA127-F5F3-418F-890D-6B1C03019590",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA5A2C2F-ABF4-46B0-80AB-867B97AE5237",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BE83150C-456E-462A-A0F1-ED8EAD60D671",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5B2431-335C-461B-B07F-88267EA71DCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBA8E67-021A-4D07-94B9-943A8E1C4468",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905D1F04-CDFD-4BAD-8939-5ABC70A874E6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00878E69-2721-43E3-A853-D3DCFE5C258D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C51799BB-D931-436C-8C94-558956AC880A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ACC549-B5AF-4F5C-A3FE-257AA6D80C7A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D498D406-A453-4119-BBA1-4709CF5862AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D68555E-BEB9-4F1E-8D6D-C313FB501523",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B44A0D4-3020-414B-81D7-679E8441E182",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:solaris:10.0:unkown:x86:*:*:*:*:*",
"matchCriteriaId": "B76A8BD4-E53F-49A6-946B-6E672DD0419C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ace_10_6504_bundle_with_4_gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1C6B46B-13E2-4DA4-9EF2-007893034269",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_10_6509_bundle_with_8_gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C501EB-CF9F-437D-A7C0-2A12F1D5E171",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_10_service_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "538FE81A-2FD9-4A7C-AEC7-8FCE98DADBE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_20_6504_bundle_with__4gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15D3471D-6267-4481-8BBD-BFC106E8F30B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_20_6509_bundle_with_8gbps_throughput:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13FB3C8A-87D3-4601-BD97-2B9F9FA8CA47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_20_service_module:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0292228-80D8-4BA4-8662-698D7003D7D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_xml_gateway:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "522C9080-86A6-40A8-905C-73187DAF83F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:ace_xml_gateway:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1B7A18-F230-44D4-801E-8284085CA1DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9120:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E62CC4C-89A7-4594-BDD8-394211889220",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9124:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E152F995-BCD2-4725-A47C-1A5E7D6B9005",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9134:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E38404-ED69-4B0E-A035-2AF5E0649CC1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:cisco:mds_9140:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A90F0A06-A634-4BD0-A477-90BD3384B7D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "346E0D1B-CF9E-48BC-AE7A-F8CEF09F6741",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0123D2ED-3983-45D3-B54A-3E75FCE99C6D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66CA6C29-1DF1-46E3-BDCA-9ED72D3E6731",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E50E974E-87F5-45A2-88BA-B1E4913E3DAD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4AB25CC-BB96-4675-98D7-C5FF30C24014",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7C95AD-3D5F-458B-A761-5D7779FEA327",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E4A3F6-5D89-47D0-84AD-601682399D8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C700A36D-5FB4-475D-BE85-74511830870A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02060365-1D67-4611-8D79-B9FC354EBF99",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "194BD880-F672-4492-8356-B14C8DA8C2DB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D769FC-3081-48F8-BBF1-3964F3F8B569",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A966DB26-8A52-4F4D-9C0E-8A8719A195AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6675DF0-963A-4091-9786-7CE3337EE47E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77A94931-8584-4021-A5BB-83FF22D54955",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F06FB120-9BB3-4363-B2A2-A3475993FDFD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8229DE3A-B9CB-44FF-8409-51E09DDED479",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAD7A89-294A-45DA-B5F5-C69F7FCC4A5E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2699E7A6-7B3A-4C4C-9472-B8B6B547624D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D913348F-351C-4D78-A0AA-27B355D52235",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3E88A46-CEC7-46D5-9697-232E18531FD5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F16B8D0-81F5-4ECE-8276-EC30DDCCE1A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0ECFBAFE-9267-469A-A97F-F716969B247C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48F839C7-7B33-4BF6-9ACF-76F32F5D7C72",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1559E6-E7B6-4B5B-8841-CF502E05BA46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F041246F-5B7F-4F63-9E81-02465C9062C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB78013-DEE9-438E-ABD1-5E3D932177BB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D77447C3-AA72-4CAB-A0B1-0883D41AD064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "473038C0-1644-4FF2-A1DA-BCB8A7CD1CA2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C3F04F-7581-4DCA-970D-9FCBB56EA724",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABF04A7-8230-4AB9-8D66-DF1463037823",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_firewall:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EC205E36-7027-4A9B-8574-9BB9C68007A5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69C55DD7-986A-4AB6-8F61-5A5D26531011",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84DDD7E4-D5D7-4341-9482-2B918306578D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14A3C59C-6A3D-477B-B425-1C085D6951E3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31AA57F4-5023-4333-9F19-C9D362E8E495",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "063034FF-0AB8-4D78-9822-0DCA9657C853",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67477EC7-363E-45B5-BA53-1A4E9FB20CDE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "78E11F95-E635-465C-BD7F-5F7E9192DEAC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74F145F0-573E-4CBC-AB69-3B77D6F9A540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49DA7D86-8845-43CA-80DC-3D794322CB28",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD34FEB-7956-44AE-A510-2E5F9EF61651",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9DEF5098-3791-4CEB-A436-2809A4385D27",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D895880-FB98-4472-A164-458CE086F339",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7912AA3-0469-479E-9C5A-53F20E504956",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8677C6C8-39CA-492A-A196-9DFAF892120C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51FA6F2A-8444-4BB2-B7F2-B97AEFFF9E27",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "60E46CAD-0032-4CD6-AA2A-871E1DFC3A35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22CE55DE-00CA-4F87-9CA0-80A360E332FA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63DC81FA-A6B4-41DC-8097-8944D06A2451",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB87853E-CAFF-48D8-9C56-A2DE325235D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "61E35451-BEE3-412A-8706-5522C00BE1DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E599E0CE-CCB7-4A30-8AA9-45BBC11AFEC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F45326B3-CC4E-4C3A-9819-28936A0432F4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBF1A78-7190-4326-84BD-C18CC354DA38",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D97FFBA0-2E80-40EF-A4AC-F26D3490371E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5A442F5B-5A1A-4CD0-B693-851FFB917E5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "074BCB70-AD66-4141-9DD3-9DE73BDCB0F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "646BF70F-CB7B-48E3-8563-E089E1CECD11",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CD34A7B-508C-45F2-8725-FE42398D3652",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2785732-A5C7-434E-B45D-13138B574F45",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "989A4E8A-F23D-4BF5-B860-FB7B04A1CE56",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A07E1241-24BE-48D3-B737-56B2AAA3AF64",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ingate:ingate_siparator:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EFB751FD-CCCA-4131-A24F-65DEF1128B26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D106F4E4-4B41-4002-8C34-6A9C3A0FF640",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:session_and_resource_control:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863583DC-DD93-46DC-BA06-0B838CDB2565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:src_pe:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D50E1B4-A64E-45D5-8A44-947DE7B8AAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:juniper:src_pe:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED5F1A8F-5ED9-4ED0-A336-A0E4A439E6F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n SNMPv3 HMAC en (1) Net-SNMP versi\u00f3n 5.2.x anterior a 5.2.4.1, versi\u00f3n 5.3.x anterior a 5.3.2.1 y versi\u00f3n 5.4.x anterior a 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series versi\u00f3n 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (tambi\u00e9n se conoce como Network Appliance) ONTAP versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versi\u00f3n anterior a 16.2; (7) m\u00faltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall versi\u00f3n 3.1.0 y posterior y SIParator versi\u00f3n 3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent versi\u00f3n 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticaci\u00f3n SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte."
}
],
"id": "CVE-2008-0960",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "[email protected]",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-10T18:32:00.000",
"references": [
{
"source": "[email protected]",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"source": "[email protected]",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"source": "[email protected]",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"source": "[email protected]",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "[email protected]",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "[email protected]",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30574"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30596"
},
{
"source": "[email protected]",
"url": "http://secunia.com/advisories/30612"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30615"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30626"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30647"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30648"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30665"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30802"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31334"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31351"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31467"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31568"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32664"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33003"
},
{
"source": "[email protected]",
"url": "http://secunia.com/advisories/35463"
},
{
"source": "[email protected]",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"source": "[email protected]",
"url": "http://securityreason.com/securityalert/3933"
},
{
"source": "[email protected]",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"source": "[email protected]",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"source": "[email protected]",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"source": "[email protected]",
"url": "http://support.apple.com/kb/HT2163"
},
{
"source": "[email protected]",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"source": "[email protected]",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"source": "[email protected]",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"source": "[email protected]",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"source": "[email protected]",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"source": "[email protected]",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"source": "[email protected]",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"source": "[email protected]",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"source": "[email protected]",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"source": "[email protected]",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"source": "[email protected]",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"source": "[email protected]",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"source": "[email protected]",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"source": "[email protected]",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"source": "[email protected]",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"source": "[email protected]",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"source": "[email protected]",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"source": "[email protected]",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"source": "[email protected]",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"source": "[email protected]",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"source": "[email protected]",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"source": "[email protected]",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"source": "[email protected]",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"source": "[email protected]",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"source": "[email protected]",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"source": "[email protected]",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"source": "[email protected]",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.ingate.com/pipermail/productinfo/2008/000021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=127730470825399\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0528.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/33003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/forum/forum.php?forum_id=833770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1989089\u0026group_id=12694\u0026atid=456380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT2163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2008/dsa-1663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-7ETS87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ocert.org/advisories/ocert-2008-006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/06/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/493218/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/29623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1787/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1788/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1797/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1800/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1801/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1836/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=447974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/5790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
}
],
"sourceIdentifier": "[email protected]",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "[email protected]",
"type": "Primary"
}
]
}