Vulnerabilites related to cisco - ace_4710
Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2024-11-21 01:17
Severity ?
Summary
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.
Impacted products
Vendor Product Version
cisco ace_4710 *
cisco ace_4710 a1\(2.0\)
cisco ace_4710 a1\(8.0\)
cisco ace_4710 a3\(1.0\)
cisco ace_4710 a3\(2.0\)
cisco ace_4710 a3\(2.5\)
cisco ace_module *
cisco catalyst_6500 *
cisco catalyst_7600 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "142B1472-4694-436F-85C0-52B6A9CFCA64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2F635AF1-AFC0-420A-8227-0B161C9D15CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(2.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2481D0-BEAA-4147-B631-DFEA3E0C441E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "152B69CD-BCC3-42FF-97AC-072BFDA0AF1A",
                     versionEndIncluding: "a2\\(3.1.0\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D63186-5834-448C-98F2-0C189A11D25D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad sin especificar en la funcionalidad de inspección RTSP del módulo \"Cisco Application Control Engine\" (ACE) con software anterior a A2(3.2) de Catalyst 6500 series switches y 7600 series routers, y el \"Cisco Application Control Engine\" (ACE) 4710 appliance con software anterior a A3(2.6), permite a atacantes remotos provocar una denegación de servicio (recarga del dispositivo) a través de paquetes RTSP sobre TCP. También conocido como Bug IDs CSCta85227 y CSCtg14858.",
      },
   ],
   id: "CVE-2010-2822",
   lastModified: "2024-11-21T01:17:26.563",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-08-17T05:41:21.487",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F0D8DA3-2B73-4DE7-933B-23C199B50BD9",
                     versionEndIncluding: "a1\\(2.0\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AF3BB9E-7AAE-4B04-B5A5-B61FE82AA94F",
                     versionEndIncluding: "a2\\(1.1\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*",
                     matchCriteriaId: "712DA93A-13CE-4E27-84FC-D2ECEEFFD568",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*",
                     matchCriteriaId: "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en \"Cisco ACE  Application Control Engine Module\" para Switches Catalyst 6500 y routers anteriores A1(v1.2) y Cisco ACE 4710 \"Application Control Engine Appliance\" anteriores A1(8.0), permite a atacantes remotos provocar una denegación de servicio (recarga de dispositivo) a través de un paquete SNMPv3 manipulada. \r\n",
      },
   ],
   id: "CVE-2009-0625",
   lastModified: "2024-11-21T01:00:33.013",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T16:17:20.217",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securitytracker.com/id?1021769",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1021769",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B848A4E7-6D42-40EC-9019-0F65BD2FA8D9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D63186-5834-448C-98F2-0C189A11D25D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.",
      },
      {
         lang: "es",
         value: "El comando de nombre de usuario en el modulo Cisco ACE Application Control Engine para los Switches Catalyst 6500 y Routers 7600 y Cisco ACE 4710 Application Control Engine Appliance almacena una contraseña por defecto en texto claro, lo que permite a atacantes (dependiendo del contexto) obtener información sensible.",
      },
   ],
   evaluatorComment: "Note that CVE-2009-0742 is not referenced on the vendor advisory page at:\r\n\r\nhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
   id: "CVE-2009-0742",
   lastModified: "2024-11-21T01:00:48.747",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 7.8,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T16:17:20.233",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-310",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2024-11-21 01:17
Severity ?
Summary
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.
Impacted products
Vendor Product Version
cisco ace_module *
cisco ace_module *
cisco ace_module *
cisco catalyst_6500 *
cisco catalyst_7600 *
cisco ace_4710 *
cisco ace_4710 a1\(2.0\)
cisco ace_4710 a1\(2.3\)
cisco ace_4710 a1\(8.0\)
cisco ace_4710 a3\(1.0\)
cisco ace_4710 a3\(2.0\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "152B69CD-BCC3-42FF-97AC-072BFDA0AF1A",
                     versionEndIncluding: "a2\\(3.1.0\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "4CD3DD6A-3471-4523-AF1D-EF58E82FF00D",
                     versionEndIncluding: "a2\\(3.1.6\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2253DEEB-37A6-491F-A201-9719F29915E7",
                     versionEndIncluding: "a2\\(3.2.2.0\\)",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D63186-5834-448C-98F2-0C189A11D25D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "142B1472-4694-436F-85C0-52B6A9CFCA64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.3\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "571AA77E-280A-4479-8444-4197C3EB0FBC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2F635AF1-AFC0-420A-8227-0B161C9D15CB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad sin especificar en la funcionalidad de inspección SIP en el módulo \"Cisco Application Control Engine\" (ACE) con software A2(1.x) anterior a A2(1.6), A2(2.x) anterior a A2(2.3), y A2(3.x) anterior a A2(3.1) de Catalyst 6500 series switches y 7600 series routers, y el \"Cisco Application Control Engine\" (ACE) 4710 appliance con software anterior a A3(2.4). Permite a atacantes remotos provocar una denegación de servicio (sobrecarga del dispositivo) a través de paquetes SIP modificados sobre (1) TCP o (2) UDP, también conocido como Bug IDs CSCta65603 y CSCta71569.",
      },
   ],
   id: "CVE-2010-2825",
   lastModified: "2024-11-21T01:17:26.860",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-08-17T05:41:21.583",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2024-11-21 01:14
Severity ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "522CC12B-058D-4711-8A04-AAC81A460B2B",
                     versionEndIncluding: "8.20.3.03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "934D3A1C-7723-4250-BC86-5921572AB358",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "63BA31CE-19C7-4FDB-8A0A-F1C252EC6146",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "545E9F44-A61F-4037-9BDF-5DE7F8E506B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "7241A8A3-C8C8-44CA-990F-BDA47EB75D64",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3FF387C-79BE-481C-A461-D32DCF421CC1",
                     versionEndIncluding: "a3\\(2.5\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "142B1472-4694-436F-85C0-52B6A9CFCA64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.",
      },
      {
         lang: "es",
         value: "El Content Services Switch Cisco (CSS) 11500 con software anterios a  v8.20.4.02 y el Application Control Engine (ACE) 4710 con software anterior a vA2(3.0) no gestiona adecuadamente el uso de LF, CR y LFCR como alternativas a la secuencia estandar CRLF entre cabeceras HTTP, lo cual permite a los atacantes remotos evitar las restricciones de inserciones de cabecera HTTP o llevar a cabo ataques de contrabando a través de cabeceras de datos manipuladas, como lo demuestra el caracter LF precediendo a las cabeceras ClientCert-Subject y ClientCert-Subject-CN, también conocido como Bug ID CSCta04885.",
      },
   ],
   id: "CVE-2010-1576",
   lastModified: "2024-11-21T01:14:43.387",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-07-06T17:17:13.233",
   references: [
      {
         source: "ykramarz@cisco.com",
         url: "http://osvdb.org/66092",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://securitytracker.com/id?1024167",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://securitytracker.com/id?1024168",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/bid/41315",
      },
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Exploit",
         ],
         url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/66092",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1024167",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1024168",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/41315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1B8CC891-D31C-44D2-BB76-F5ADE15D767C",
                     versionEndIncluding: "1.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2258512F-36CD-48FF-AAB3-32D6A63959D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1331F98-6AB3-4285-BF6E-4DEAADE069D1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D63186-5834-448C-98F2-0C189A11D25D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE398278-79E8-4043-9ED3-735775213587",
                     versionEndIncluding: "a3\\(2.0\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "142B1472-4694-436F-85C0-52B6A9CFCA64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en la implementación SNMPv2c en Cisco ACE Application Control Engine Module para Catalyst 6500 Switches y 7600 Routers anteriores a A2(1.3) y Cisco ACE 4710 Application Control Engine Appliance anteior a A3(2.1); permite a atacantes remotos provocar una denegación de servicio (reinicio del dispositivo) a través de un paquete SNMPv1 manipulado.",
      },
   ],
   evaluatorComment: "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml\r\n\r\n\"Note: SNMPv2c must be explicitly configured in an affected device in order to process any SNMPv2c transactions. SNMPv2c is not enabled by default.\"",
   id: "CVE-2009-0624",
   lastModified: "2024-11-21T01:00:32.883",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T16:17:20.187",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securitytracker.com/id?1021769",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1021769",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
Impacted products
Vendor Product Version
cisco ace_4710 *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.",
      },
      {
         lang: "es",
         value: "Cisco ACE 4710 Application Control Engine Appliance anterior a vA1(8a) utiliza por defecto (1) nombre de usuario y (2) contraseñas para (a) el administrador (b) gestión Web y (c) gestión de dispositivos, lo que permite fácilmente a los atacantes remotos realizar cambios de configuración, la gestión de los dispositivos y otros componentes, o obtener acceso al sistema operativo.",
      },
   ],
   id: "CVE-2009-0621",
   lastModified: "2024-11-21T01:00:32.400",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T16:17:20.140",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33900",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-16",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F61AD2BC-FAE6-40F3-B872-964FD4CEE39E",
                     versionEndIncluding: "1.1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2258512F-36CD-48FF-AAB3-32D6A63959D7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "99DE48DF-A309-4A1C-B977-AE81B4EDB589",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst_7600:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C8D63186-5834-448C-98F2-0C189A11D25D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en Cisco ACE Application Control Engine Module para Catalyst 6500 Switches y 7600 Routers anterior a A2(1.2) y Cisco ACE 4710 Application Control Engine Appliance anterior a A1(8a), permite a usuarios autenticados en remoto ejecutar comandos de su elección del sistema-operativo a través de una interfaz de línea de comandos (CLI).",
      },
   ],
   evaluatorSolution: "Per: http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml\r\n\r\nCisco ACE module software can be downloaded from:\r\n\r\nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=280557289\r\n\r\nCisco ACE 4710 Application Control Engine appliance software can be downloaded from:\r\n\r\nhttp://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=281222179",
   id: "CVE-2009-0622",
   lastModified: "2024-11-21T01:00:32.533",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "COMPLETE",
               baseScore: 9,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:S/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T16:17:20.157",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33900",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-07-06 17:17
Modified
2024-11-21 01:17
Severity ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "522CC12B-058D-4711-8A04-AAC81A460B2B",
                     versionEndIncluding: "8.20.3.03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:8.20.0.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "934D3A1C-7723-4250-BC86-5921572AB358",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:08.20.1.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "63BA31CE-19C7-4FDB-8A0A-F1C252EC6146",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:8.20.1.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "545E9F44-A61F-4037-9BDF-5DE7F8E506B6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:content_services_switch_11500:8.20.2.01:*:*:*:*:*:*:*",
                     matchCriteriaId: "7241A8A3-C8C8-44CA-990F-BDA47EB75D64",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B3FF387C-79BE-481C-A461-D32DCF421CC1",
                     versionEndIncluding: "a3\\(2.5\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "142B1472-4694-436F-85C0-52B6A9CFCA64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.",
      },
      {
         lang: "es",
         value: "Cisco Content Services Switch (CSS) 11500 con software v8.20.4.02 y Application Control Engine (ACE) 4710 con software A2(3.0) no maneja adecuadamente las terminacioens de cabecera LF en situaciones donde la línea GET es terminada con CRLF, permitiendo a atacantes remotos llevar a cabo ataques  contrabando de peticiones HTTP y probablemente superar la inserción de cabeceras de datos privistas, como quedó demostrado por el carácter LF entre las cabeceras ClientCert-Subject y ClientCert-Subject-CN. NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2010-1576.",
      },
   ],
   id: "CVE-2010-2629",
   lastModified: "2024-11-21T01:17:02.510",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-07-06T17:17:13.517",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1024167",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1024168",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/41315",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1024167",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1024168",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/41315",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2010-08-17 05:41
Modified
2024-11-21 01:17
Severity ?
Summary
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.
Impacted products
Vendor Product Version
cisco ace_4710 *
cisco ace_4710 a1\(2.0\)
cisco ace_4710 a1\(8.0\)
cisco ace_4710 a3\(1.0\)
cisco ace_4710 a3\(2.0\)
cisco ace_4710 a3\(2.5\)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "142B1472-4694-436F-85C0-52B6A9CFCA64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a1\\(8.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "A421567F-1772-46DC-9FBA-E0072DC6B7C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(2.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "2F635AF1-AFC0-420A-8227-0B161C9D15CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(2.5\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "0A2481D0-BEAA-4147-B631-DFEA3E0C441E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad sin especificar en la funcionalidad \"deep packet inspection\" de \"Cisco Application Control Engine\" (ACE) 4710 appliance con software anterior a A3(2.6) permite a atacantes remotos provocar una denegación de servicio (sobrecarga del dispositivo) a través de paquetes HTTP modificados, relacionado con la inspección HTTP, RTSP, y SIP. También conocido como Bug ID CSCtb54493.",
      },
   ],
   id: "CVE-2010-2823",
   lastModified: "2024-11-21T01:17:26.657",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2010-08-17T05:41:21.520",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2009-02-26 16:17
Modified
2024-11-21 01:00
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE398278-79E8-4043-9ED3-735775213587",
                     versionEndIncluding: "a3\\(2.0\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:a3\\(1.0\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "8F3BDA08-1786-46AD-93B3-C374BE1AC949",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "19E93539-6D77-4D1E-BF77-C35EE2170D4B",
                     versionEndIncluding: "a2\\(1.2\\)",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:application_control_engine_module:a2\\(1.1\\):*:*:*:*:*:*:*",
                     matchCriteriaId: "C5EDC4AB-2D1B-4233-A260-9D5521057F09",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst:6500:*:*:*:*:*:*:*",
                     matchCriteriaId: "712DA93A-13CE-4E27-84FC-D2ECEEFFD568",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:catalyst:7600:*:*:*:*:*:*:*",
                     matchCriteriaId: "521A4FD3-18E3-4937-A6AD-F7BDB3DB08ED",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad no especificada en \"Cisco ACE Application Control Engine Module\" para Catalyst 6500 Switches y 7600 Routers anteriores A2(1.3) y Cisco ACE 4710 Application Control Engine Appliance anteriores a A3(2.1) que permite a los atacantes remotos causar una denegación de servicio (reinicio del dispositivo) a través de un paquete SSH manipulado.",
      },
   ],
   id: "CVE-2009-0623",
   lastModified: "2024-11-21T01:00:32.720",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 7.8,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2009-02-26T16:17:20.170",
   references: [
      {
         source: "ykramarz@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "ykramarz@cisco.com",
         url: "http://www.securityfocus.com/bid/33900",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/33900",
      },
   ],
   sourceIdentifier: "ykramarz@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-06-10 18:32
Modified
2024-11-21 00:43
Severity ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
cret@cert.orghttp://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
cret@cert.orghttp://lists.ingate.com/pipermail/productinfo/2008/000021.html
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
cret@cert.orghttp://marc.info/?l=bugtraq&m=127730470825399&w=2
cret@cert.orghttp://marc.info/?l=bugtraq&m=127730470825399&w=2
cret@cert.orghttp://rhn.redhat.com/errata/RHSA-2008-0528.html
cret@cert.orghttp://secunia.com/advisories/30574Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30596Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30612
cret@cert.orghttp://secunia.com/advisories/30615Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30626Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30647Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30648Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30665Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/30802Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/31334Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/31351Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/31467Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/31568Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/32664Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/33003Vendor Advisory
cret@cert.orghttp://secunia.com/advisories/35463
cret@cert.orghttp://security.gentoo.org/glsa/glsa-200808-02.xml
cret@cert.orghttp://securityreason.com/securityalert/3933
cret@cert.orghttp://sourceforge.net/forum/forum.php?forum_id=833770
cret@cert.orghttp://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
cret@cert.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1
cret@cert.orghttp://support.apple.com/kb/HT2163
cret@cert.orghttp://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
cret@cert.orghttp://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtmlVendor Advisory
cret@cert.orghttp://www.debian.org/security/2008/dsa-1663Patch
cret@cert.orghttp://www.kb.cert.org/vuls/id/878044US Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/CTAR-7FBS8QUS Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MIMG-7ETS5ZUS Government Resource
cret@cert.orghttp://www.kb.cert.org/vuls/id/MIMG-7ETS87US Government Resource
cret@cert.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2008:118
cret@cert.orghttp://www.ocert.org/advisories/ocert-2008-006.html
cret@cert.orghttp://www.openwall.com/lists/oss-security/2008/06/09/1
cret@cert.orghttp://www.redhat.com/support/errata/RHSA-2008-0529.html
cret@cert.orghttp://www.securityfocus.com/archive/1/493218/100/0/threaded
cret@cert.orghttp://www.securityfocus.com/archive/1/497962/100/0/threaded
cret@cert.orghttp://www.securityfocus.com/bid/29623Exploit, Patch
cret@cert.orghttp://www.securitytracker.com/id?1020218
cret@cert.orghttp://www.ubuntu.com/usn/usn-685-1
cret@cert.orghttp://www.us-cert.gov/cas/techalerts/TA08-162A.htmlUS Government Resource
cret@cert.orghttp://www.vmware.com/security/advisories/VMSA-2008-0013.html
cret@cert.orghttp://www.vmware.com/security/advisories/VMSA-2008-0017.html
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1787/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1788/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1797/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1800/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1801/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1836/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/1981/references
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2361
cret@cert.orghttp://www.vupen.com/english/advisories/2008/2971
cret@cert.orghttp://www.vupen.com/english/advisories/2009/1612
cret@cert.orghttps://bugzilla.redhat.com/show_bug.cgi?id=447974
cret@cert.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820
cret@cert.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785
cret@cert.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414
cret@cert.orghttps://www.exploit-db.com/exploits/5790
cret@cert.orghttps://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html
cret@cert.orghttps://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html
cret@cert.orghttps://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.ingate.com/pipermail/productinfo/2008/000021.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127730470825399&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=127730470825399&w=2
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2008-0528.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30574Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30596Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30612
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30615Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30626Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30647Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30648Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30665Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/30802Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31334Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31351Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31467Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31568Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32664Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/33003Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35463
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200808-02.xml
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3933
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/forum/forum.php?forum_id=833770
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT2163
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2008/dsa-1663Patch
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/878044US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/CTAR-7FBS8QUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MIMG-7ETS5ZUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/MIMG-7ETS87US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:118
af854a3a-2127-422b-91ae-364da2661108http://www.ocert.org/advisories/ocert-2008-006.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2008/06/09/1
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2008-0529.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/493218/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/497962/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/29623Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020218
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-685-1
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-162A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0013.html
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2008-0017.html
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1787/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1788/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1797/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1800/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1801/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1836/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/1981/references
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2361
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2971
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/1612
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=447974
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/5790
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html
Impacted products
Vendor Product Version
cisco catos 7.1.1
cisco catos 7.3.1
cisco catos 7.4.1
cisco catos 8.3
cisco cisco_ios 12.0
cisco cisco_ios 12.0
cisco cisco_ios 12.1
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.2
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.3
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco cisco_ios 12.4
cisco ios 10.0
cisco ios 11.0
cisco ios 11.1
cisco ios 11.3
cisco ios 12.2
cisco ios_xr 2.0
cisco ios_xr 3.0
cisco ios_xr 3.2
cisco ios_xr 3.3
cisco ios_xr 3.4
cisco ios_xr 3.5
cisco ios_xr 3.6
cisco ios_xr 3.7
cisco nx_os 4.0
cisco nx_os 4.0.1
cisco nx_os 4.0.2
ecos_sourceware ecos 1.1
ecos_sourceware ecos 1.2.1
ecos_sourceware ecos 1.3.1
ecos_sourceware ecos 2.0
ecos_sourceware ecos 2.0
net-snmp net_snmp 5.0
net-snmp net_snmp 5.0.1
net-snmp net_snmp 5.0.2
net-snmp net_snmp 5.0.3
net-snmp net_snmp 5.0.4
net-snmp net_snmp 5.0.5
net-snmp net_snmp 5.0.6
net-snmp net_snmp 5.0.7
net-snmp net_snmp 5.0.8
net-snmp net_snmp 5.0.9
net-snmp net_snmp 5.1
net-snmp net_snmp 5.1.1
net-snmp net_snmp 5.1.2
net-snmp net_snmp 5.2
net-snmp net_snmp 5.3
net-snmp net_snmp 5.3.0.1
net-snmp net_snmp 5.4
sun solaris 10.0
sun sunos 5.10
cisco ace_10_6504_bundle_with_4_gbps_throughput *
cisco ace_10_6509_bundle_with_8_gbps_throughput *
cisco ace_10_service_module *
cisco ace_20_6504_bundle_with__4gbps_throughput *
cisco ace_20_6509_bundle_with_8gbps_throughput *
cisco ace_20_service_module *
cisco ace_4710 *
cisco ace_xml_gateway 5.2
cisco ace_xml_gateway 6.0
cisco mds_9120 *
cisco mds_9124 *
cisco mds_9134 *
cisco mds_9140 *
ingate ingate_firewall 2.2.0
ingate ingate_firewall 2.2.1
ingate ingate_firewall 2.2.2
ingate ingate_firewall 2.3.0
ingate ingate_firewall 2.4.0
ingate ingate_firewall 2.4.1
ingate ingate_firewall 2.5.0
ingate ingate_firewall 2.6.0
ingate ingate_firewall 2.6.1
ingate ingate_firewall 3.0.2
ingate ingate_firewall 3.1.0
ingate ingate_firewall 3.1.1
ingate ingate_firewall 3.1.3
ingate ingate_firewall 3.1.4
ingate ingate_firewall 3.2.0
ingate ingate_firewall 3.2.1
ingate ingate_firewall 3.2.2
ingate ingate_firewall 3.3.1
ingate ingate_firewall 4.1.0
ingate ingate_firewall 4.1.3
ingate ingate_firewall 4.2.1
ingate ingate_firewall 4.2.2
ingate ingate_firewall 4.2.3
ingate ingate_firewall 4.3.1
ingate ingate_firewall 4.4.1
ingate ingate_firewall 4.4.2
ingate ingate_firewall 4.5.1
ingate ingate_firewall 4.5.2
ingate ingate_firewall 4.6.0
ingate ingate_firewall 4.6.1
ingate ingate_firewall 4.6.2
ingate ingate_siparator 2.2.0
ingate ingate_siparator 2.2.1
ingate ingate_siparator 2.2.2
ingate ingate_siparator 2.3.0
ingate ingate_siparator 2.4.0
ingate ingate_siparator 2.4.1
ingate ingate_siparator 2.5.0
ingate ingate_siparator 2.6.0
ingate ingate_siparator 2.6.1
ingate ingate_siparator 3.0.2
ingate ingate_siparator 3.1.0
ingate ingate_siparator 3.1.1
ingate ingate_siparator 3.1.3
ingate ingate_siparator 3.1.4
ingate ingate_siparator 3.2.0
ingate ingate_siparator 3.2.1
ingate ingate_siparator 3.2.2
ingate ingate_siparator 3.3.1
ingate ingate_siparator 4.1.0
ingate ingate_siparator 4.1.3
ingate ingate_siparator 4.2.1
ingate ingate_siparator 4.2.2
ingate ingate_siparator 4.2.3
ingate ingate_siparator 4.3.1
ingate ingate_siparator 4.3.4
ingate ingate_siparator 4.4.1
ingate ingate_siparator 4.4.2
ingate ingate_siparator 4.5.1
ingate ingate_siparator 4.5.2
ingate ingate_siparator 4.6.0
ingate ingate_siparator 4.6.1
ingate ingate_siparator 4.6.2
juniper session_and_resource_control 1.0
juniper session_and_resource_control 2.0
juniper src_pe 1.0
juniper src_pe 2.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:catos:7.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5CAC7FBF-2493-42CA-9B23-20AF09F0DDA8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:catos:7.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE64E4C4-BACE-404F-966D-415976781DC4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:catos:7.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "377F951F-C2D8-441D-A532-F62E23937F94",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:catos:8.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "34A3A284-36A9-4E8C-815D-6E2FE4C158DF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.0:s:*:*:*:*:*:*",
                     matchCriteriaId: "A5823F33-7FB3-465B-8017-1866D9EF3AA6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.0:sy:*:*:*:*:*:*",
                     matchCriteriaId: "94870E9E-C883-4051-8854-CDE0AE7A64B6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.1:e:*:*:*:*:*:*",
                     matchCriteriaId: "85C2FF9C-7730-4DBF-8C86-1EF0F1E71D8C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:ewa:*:*:*:*:*:*",
                     matchCriteriaId: "4A4AFC06-85C5-4AD0-A409-27F9AF398D7D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:jk:*:*:*:*:*:*",
                     matchCriteriaId: "EB593071-BB5A-47AD-B9C6-59D2010F6280",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sb:*:*:*:*:*:*",
                     matchCriteriaId: "74382B2D-E9A6-453D-9C07-F959EAB4C075",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sg:*:*:*:*:*:*",
                     matchCriteriaId: "B3D93383-BD5A-4052-B724-055F6FCFC314",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sga:*:*:*:*:*:*",
                     matchCriteriaId: "6B1E3C39-163D-4A99-AC96-2EE388305000",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sra:*:*:*:*:*:*",
                     matchCriteriaId: "90710000-F963-4F36-9EE1-C3CE1CECDCA2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:srb:*:*:*:*:*:*",
                     matchCriteriaId: "5F4F8B9E-B2AB-4545-8ACF-8F03E636E842",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:src:*:*:*:*:*:*",
                     matchCriteriaId: "6E2D6402-D2AF-4817-8A46-1FA9B17B720C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sxb:*:*:*:*:*:*",
                     matchCriteriaId: "79BB5494-735D-424B-8B41-2FAECE1A7AD4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sxd:*:*:*:*:*:*",
                     matchCriteriaId: "FD6178BC-9741-4FC1-87DA-A5407B3A4F40",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:sxf:*:*:*:*:*:*",
                     matchCriteriaId: "2A419BD7-6345-43D8-B69C-2255E2EF6FD7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:zl:*:*:*:*:*:*",
                     matchCriteriaId: "B472DEEE-148A-46B4-BCBC-0A9F62F38B31",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.2:zy:*:*:*:*:*:*",
                     matchCriteriaId: "23305EBA-11D5-417E-823E-39D0D052839D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "8A8D0F64-5DE1-4A6F-91F0-8A8509BF077F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:b:*:*:*:*:*:*",
                     matchCriteriaId: "95418AD2-FB85-4E20-B874-D82DDF88BC91",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:ja:*:*:*:*:*:*",
                     matchCriteriaId: "14D1B81D-95E4-4945-94F2-C36FD7C0DC55",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jeb:*:*:*:*:*:*",
                     matchCriteriaId: "452FF154-F6C0-4BC4-969E-1D49AA3CCE49",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jk:*:*:*:*:*:*",
                     matchCriteriaId: "3AB6C57C-8805-443F-8ACE-83DAA48878CA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jl:*:*:*:*:*:*",
                     matchCriteriaId: "554C9611-55F1-40AF-9862-7E902D5CE1D1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:jx:*:*:*:*:*:*",
                     matchCriteriaId: "F89C185A-D3B3-4F5F-9249-F8EE89E8DD04",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:t:*:*:*:*:*:*",
                     matchCriteriaId: "EEB0B55E-3579-4929-862F-C5FF9F796AE1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xa:*:*:*:*:*:*",
                     matchCriteriaId: "8E8E34D3-0BCB-4D19-A41C-0375941E1B21",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xg:*:*:*:*:*:*",
                     matchCriteriaId: "09CBD68E-2A5C-43DF-9AD6-DE07815821B3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xi:*:*:*:*:*:*",
                     matchCriteriaId: "01393D91-ED1D-460D-8621-10260F0CBDD0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xk:*:*:*:*:*:*",
                     matchCriteriaId: "8AB2FF53-5991-4264-B5CC-D1E45460BFCE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:xr:*:*:*:*:*:*",
                     matchCriteriaId: "1A1FAF42-B7B1-40B0-A0F7-5DF821E6193F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yf:*:*:*:*:*:*",
                     matchCriteriaId: "1BE94EA2-E0CC-4760-94A8-DE56C8181F74",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yi:*:*:*:*:*:*",
                     matchCriteriaId: "929836AD-8128-4174-872D-B9638B54611C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yt:*:*:*:*:*:*",
                     matchCriteriaId: "5ED5B53D-930D-477E-A0F6-76167AE67641",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.3:yx:*:*:*:*:*:*",
                     matchCriteriaId: "84983F6A-64F6-4720-9291-FC84CA10EE25",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6A60117-E4D1-4741-98A2-E643A26616A7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:t:*:*:*:*:*:*",
                     matchCriteriaId: "156B91B9-1F5B-4E83-A2B7-A5B7F272D5B1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xa:*:*:*:*:*:*",
                     matchCriteriaId: "C9E90E83-1732-4BEF-BC5B-401769DC8880",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xc:*:*:*:*:*:*",
                     matchCriteriaId: "51679B26-DF28-4E41-9801-E1599F250FFD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xd:*:*:*:*:*:*",
                     matchCriteriaId: "E989900F-BE66-47E4-9A1B-11B9785F89BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xe:*:*:*:*:*:*",
                     matchCriteriaId: "95A01B7E-8231-4001-A340-31CE66474FDA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xj:*:*:*:*:*:*",
                     matchCriteriaId: "3CC62D3B-A287-4DED-A44D-3351452D4A55",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:cisco_ios:12.4:xw:*:*:*:*:*:*",
                     matchCriteriaId: "687E91FF-957E-449F-BDD6-85AA59E1E0D5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "79528F96-FD42-4A76-82EE-4B1324D53B5F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:11.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D626B494-6210-4F74-8D17-BA480B6665C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "82B6315D-7BEF-419F-9B93-3CF669E986D1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "33CCFFC6-9D26-4C39-AF76-0B8FCDE743CF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FB31FAC-D720-4BF1-BFCC-0A9B714E292A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "904CA41E-8168-41DE-AE84-941962A7BB71",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D69F8FA-D58A-4F53-86D8-A20C73E9B299",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD331C50-DB93-4001-B56A-C1012F894CDF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "75538529-611A-43B5-AC4D-089C4E2E2ACC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F992D03D-1DB8-44C1-B59D-1C09A32A2C91",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A8BC298-4AF9-4281-9AD9-0D8F621E46B0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios_xr:3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2FE436B-2117-4FB4-B550-8454848D1D58",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx_os:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "69D2BD63-C110-4E89-B239-4A59E20AB78E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx_os:4.0.1:a:*:*:*:*:*:*",
                     matchCriteriaId: "43E5FFB6-861D-4F91-B3C9-C5E57DDD25C3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:nx_os:4.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BD3BD3D-767D-483D-9FFE-D23AA2E228E6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:ecos_sourceware:ecos:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "6762126F-55E4-4963-99F5-206A46979E7C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:ecos_sourceware:ecos:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1945B97A-8276-4EE2-8F76-5F0C0956DF18",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:ecos_sourceware:ecos:1.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C8CA81F-2AB6-45F8-8AAE-BF6A7EDA73D5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:ecos_sourceware:ecos:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2452913-0513-46BB-A52E-8FA12D77B570",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:ecos_sourceware:ecos:2.0:b1:*:*:*:*:*:*",
                     matchCriteriaId: "5D967624-23B1-48BB-91DB-1E1C18AAAD85",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "18CCF3B9-CA7D-4D37-BD2C-1B74586B98A7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A0AB8C2-EE95-48AA-98B7-B6ED40494A0A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "77930529-89BE-463D-8259-3D67D153284A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "743DEB17-3BE3-4278-A54B-2CE547DB9F31",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DCAF8C2-0E4E-4474-BD1E-F28A6EAEF8F8",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2BCA127-F5F3-418F-890D-6B1C03019590",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA5A2C2F-ABF4-46B0-80AB-867B97AE5237",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE83150C-456E-462A-A0F1-ED8EAD60D671",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "BF5B2431-335C-461B-B07F-88267EA71DCD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.0.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DBA8E67-021A-4D07-94B9-943A8E1C4468",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "905D1F04-CDFD-4BAD-8939-5ABC70A874E6",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "00878E69-2721-43E3-A853-D3DCFE5C258D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C51799BB-D931-436C-8C94-558956AC880A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1ACC549-B5AF-4F5C-A3FE-257AA6D80C7A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D498D406-A453-4119-BBA1-4709CF5862AE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8D68555E-BEB9-4F1E-8D6D-C313FB501523",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B44A0D4-3020-414B-81D7-679E8441E182",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:sun:solaris:10.0:unkown:x86:*:*:*:*:*",
                     matchCriteriaId: "B76A8BD4-E53F-49A6-946B-6E672DD0419C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E75493D0-F060-4CBA-8AB0-C4FE8B2A8C9B",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:ace_10_6504_bundle_with_4_gbps_throughput:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E1C6B46B-13E2-4DA4-9EF2-007893034269",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_10_6509_bundle_with_8_gbps_throughput:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1C501EB-CF9F-437D-A7C0-2A12F1D5E171",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_10_service_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "538FE81A-2FD9-4A7C-AEC7-8FCE98DADBE0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_20_6504_bundle_with__4gbps_throughput:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "15D3471D-6267-4481-8BBD-BFC106E8F30B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_20_6509_bundle_with_8gbps_throughput:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "13FB3C8A-87D3-4601-BD97-2B9F9FA8CA47",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_20_service_module:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0292228-80D8-4BA4-8662-698D7003D7D0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_4710:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBFD21CF-CC38-477F-A78B-10CFEFF81E0A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_xml_gateway:5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "522C9080-86A6-40A8-905C-73187DAF83F7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:ace_xml_gateway:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C1B7A18-F230-44D4-801E-8284085CA1DF",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:mds_9120:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8E62CC4C-89A7-4594-BDD8-394211889220",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:mds_9124:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E152F995-BCD2-4725-A47C-1A5E7D6B9005",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:mds_9134:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "51E38404-ED69-4B0E-A035-2AF5E0649CC1",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:cisco:mds_9140:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A90F0A06-A634-4BD0-A477-90BD3384B7D0",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "346E0D1B-CF9E-48BC-AE7A-F8CEF09F6741",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0123D2ED-3983-45D3-B54A-3E75FCE99C6D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "66CA6C29-1DF1-46E3-BDCA-9ED72D3E6731",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E50E974E-87F5-45A2-88BA-B1E4913E3DAD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4AB25CC-BB96-4675-98D7-C5FF30C24014",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C7C95AD-3D5F-458B-A761-5D7779FEA327",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E9E4A3F6-5D89-47D0-84AD-601682399D8B",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C700A36D-5FB4-475D-BE85-74511830870A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "02060365-1D67-4611-8D79-B9FC354EBF99",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "194BD880-F672-4492-8356-B14C8DA8C2DB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "B1D769FC-3081-48F8-BBF1-3964F3F8B569",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A966DB26-8A52-4F4D-9C0E-8A8719A195AE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6675DF0-963A-4091-9786-7CE3337EE47E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "77A94931-8584-4021-A5BB-83FF22D54955",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F06FB120-9BB3-4363-B2A2-A3475993FDFD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8229DE3A-B9CB-44FF-8409-51E09DDED479",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AAD7A89-294A-45DA-B5F5-C69F7FCC4A5E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2699E7A6-7B3A-4C4C-9472-B8B6B547624D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D913348F-351C-4D78-A0AA-27B355D52235",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "C3E88A46-CEC7-46D5-9697-232E18531FD5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5F16B8D0-81F5-4ECE-8276-EC30DDCCE1A7",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0ECFBAFE-9267-469A-A97F-F716969B247C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "48F839C7-7B33-4BF6-9ACF-76F32F5D7C72",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE1559E6-E7B6-4B5B-8841-CF502E05BA46",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F041246F-5B7F-4F63-9E81-02465C9062C2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ADB78013-DEE9-438E-ABD1-5E3D932177BB",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D77447C3-AA72-4CAB-A0B1-0883D41AD064",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "473038C0-1644-4FF2-A1DA-BCB8A7CD1CA2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9C3F04F-7581-4DCA-970D-9FCBB56EA724",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7ABF04A7-8230-4AB9-8D66-DF1463037823",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_firewall:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC205E36-7027-4A9B-8574-9BB9C68007A5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "69C55DD7-986A-4AB6-8F61-5A5D26531011",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "84DDD7E4-D5D7-4341-9482-2B918306578D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "14A3C59C-6A3D-477B-B425-1C085D6951E3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "31AA57F4-5023-4333-9F19-C9D362E8E495",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "063034FF-0AB8-4D78-9822-0DCA9657C853",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "67477EC7-363E-45B5-BA53-1A4E9FB20CDE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "78E11F95-E635-465C-BD7F-5F7E9192DEAC",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "74F145F0-573E-4CBC-AB69-3B77D6F9A540",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "49DA7D86-8845-43CA-80DC-3D794322CB28",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "ABD34FEB-7956-44AE-A510-2E5F9EF61651",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9DEF5098-3791-4CEB-A436-2809A4385D27",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D895880-FB98-4472-A164-458CE086F339",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "D7912AA3-0469-479E-9C5A-53F20E504956",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "8677C6C8-39CA-492A-A196-9DFAF892120C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "51FA6F2A-8444-4BB2-B7F2-B97AEFFF9E27",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "60E46CAD-0032-4CD6-AA2A-871E1DFC3A35",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "22CE55DE-00CA-4F87-9CA0-80A360E332FA",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:3.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "63DC81FA-A6B4-41DC-8097-8944D06A2451",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "CB87853E-CAFF-48D8-9C56-A2DE325235D5",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "61E35451-BEE3-412A-8706-5522C00BE1DD",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E599E0CE-CCB7-4A30-8AA9-45BBC11AFEC2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F45326B3-CC4E-4C3A-9819-28936A0432F4",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "CDBF1A78-7190-4326-84BD-C18CC354DA38",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "D97FFBA0-2E80-40EF-A4AC-F26D3490371E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "5A442F5B-5A1A-4CD0-B693-851FFB917E5D",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "074BCB70-AD66-4141-9DD3-9DE73BDCB0F3",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.4.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "646BF70F-CB7B-48E3-8563-E089E1CECD11",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1CD34A7B-508C-45F2-8725-FE42398D3652",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D2785732-A5C7-434E-B45D-13138B574F45",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "989A4E8A-F23D-4BF5-B860-FB7B04A1CE56",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "A07E1241-24BE-48D3-B737-56B2AAA3AF64",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:h:ingate:ingate_siparator:4.6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "EFB751FD-CCCA-4131-A24F-65DEF1128B26",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:juniper:session_and_resource_control:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "D106F4E4-4B41-4002-8C34-6A9C3A0FF640",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:juniper:session_and_resource_control:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "863583DC-DD93-46DC-BA06-0B838CDB2565",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:juniper:src_pe:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D50E1B4-A64E-45D5-8A44-947DE7B8AAD4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:juniper:src_pe:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED5F1A8F-5ED9-4ED0-A336-A0E4A439E6F2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.",
      },
      {
         lang: "es",
         value: "Una comprobación SNMPv3 HMAC en (1) Net-SNMP versión 5.2.x anterior a  5.2.4.1,  versión  5.3.x anterior a  5.3.2.1 y  versión 5.4.x anterior a  5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) C-series  versión 1.0.0 hasta 2.0.0 de Juniper Session and Resource Control (SRC); (5) Data de NetApp (también se conoce como Network Appliance) ONTAP  versiones 7.3RC1 y 7.3RC2; (6) SNMP Research versión anterior a 16.2; (7) múltiples productos Cisco IOS, CatOS, ACE y Nexus; (8) Ingate Firewall  versión  3.1.0 y posterior y SIParator  versión  3.1.0 y posterior; (9) HP OpenView SNMP Emanate Master Agent  versión 15.x; y posiblemente otros productos dependen del cliente para especificar la longitud del HMAC, lo que facilita que los atacantes remotos omitan la autenticación SNMP por medio de un valor de longitud de 1, que solo comprueba el primer byte.",
      },
   ],
   id: "CVE-2008-0960",
   lastModified: "2024-11-21T00:43:19.457",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-06-10T18:32:00.000",
   references: [
      {
         source: "cret@cert.org",
         url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html",
      },
      {
         source: "cret@cert.org",
         url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html",
      },
      {
         source: "cret@cert.org",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html",
      },
      {
         source: "cret@cert.org",
         url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
      },
      {
         source: "cret@cert.org",
         url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
      },
      {
         source: "cret@cert.org",
         url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30574",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30596",
      },
      {
         source: "cret@cert.org",
         url: "http://secunia.com/advisories/30612",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30615",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30626",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30647",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30648",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30665",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30802",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31334",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31351",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31467",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31568",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/32664",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/33003",
      },
      {
         source: "cret@cert.org",
         url: "http://secunia.com/advisories/35463",
      },
      {
         source: "cret@cert.org",
         url: "http://security.gentoo.org/glsa/glsa-200808-02.xml",
      },
      {
         source: "cret@cert.org",
         url: "http://securityreason.com/securityalert/3933",
      },
      {
         source: "cret@cert.org",
         url: "http://sourceforge.net/forum/forum.php?forum_id=833770",
      },
      {
         source: "cret@cert.org",
         url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380",
      },
      {
         source: "cret@cert.org",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1",
      },
      {
         source: "cret@cert.org",
         url: "http://support.apple.com/kb/HT2163",
      },
      {
         source: "cret@cert.org",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2008/dsa-1663",
      },
      {
         source: "cret@cert.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/878044",
      },
      {
         source: "cret@cert.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
      },
      {
         source: "cret@cert.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
      },
      {
         source: "cret@cert.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
      },
      {
         source: "cret@cert.org",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118",
      },
      {
         source: "cret@cert.org",
         url: "http://www.ocert.org/advisories/ocert-2008-006.html",
      },
      {
         source: "cret@cert.org",
         url: "http://www.openwall.com/lists/oss-security/2008/06/09/1",
      },
      {
         source: "cret@cert.org",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html",
      },
      {
         source: "cret@cert.org",
         url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded",
      },
      {
         source: "cret@cert.org",
         url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded",
      },
      {
         source: "cret@cert.org",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/29623",
      },
      {
         source: "cret@cert.org",
         url: "http://www.securitytracker.com/id?1020218",
      },
      {
         source: "cret@cert.org",
         url: "http://www.ubuntu.com/usn/usn-685-1",
      },
      {
         source: "cret@cert.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1787/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1788/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1797/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1800/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1801/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1836/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/1981/references",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/2361",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2008/2971",
      },
      {
         source: "cret@cert.org",
         url: "http://www.vupen.com/english/advisories/2009/1612",
      },
      {
         source: "cret@cert.org",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
      },
      {
         source: "cret@cert.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820",
      },
      {
         source: "cret@cert.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785",
      },
      {
         source: "cret@cert.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414",
      },
      {
         source: "cret@cert.org",
         url: "https://www.exploit-db.com/exploits/5790",
      },
      {
         source: "cret@cert.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html",
      },
      {
         source: "cret@cert.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html",
      },
      {
         source: "cret@cert.org",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30574",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/30612",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30615",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30626",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30647",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30648",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/30802",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31334",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31351",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31568",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/32664",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/33003",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/35463",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://security.gentoo.org/glsa/glsa-200808-02.xml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/3933",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/forum/forum.php?forum_id=833770",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.apple.com/kb/HT2163",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.debian.org/security/2008/dsa-1663",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/878044",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ocert.org/advisories/ocert-2008-006.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2008/06/09/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/29623",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1020218",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/usn-685-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1787/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1788/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1797/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1800/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1801/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1836/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/1981/references",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/2361",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/2971",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2009/1612",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.exploit-db.com/exploits/5790",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html",
      },
   ],
   sourceIdentifier: "cret@cert.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2009-0624
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 19:10
Severity ?
Summary
Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:05.038Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1021769",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1021769",
               },
               {
                  name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
               },
               {
                  name: "33900",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33900",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1021769",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1021769",
            },
            {
               name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
            },
            {
               name: "33900",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33900",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0624",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv1 packet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1021769",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1021769",
                  },
                  {
                     name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
                  },
                  {
                     name: "33900",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/33900",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0624",
      datePublished: "2009-02-26T16:00:00Z",
      dateReserved: "2009-02-18T00:00:00Z",
      dateUpdated: "2024-09-16T19:10:24.295Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-1576
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 01:28
Severity ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.
References
http://www.securityfocus.com/archive/1/512144/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1024167vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/41315vdb-entry, x_refsource_BID
http://www.vsecurity.com/resources/advisory/20100702-1/x_refsource_MISC
http://osvdb.org/66092vdb-entry, x_refsource_OSVDB
http://securitytracker.com/id?1024168vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T01:28:41.990Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
               },
               {
                  name: "1024167",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1024167",
               },
               {
                  name: "41315",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/41315",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
               },
               {
                  name: "66092",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/66092",
               },
               {
                  name: "1024168",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1024168",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-07-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
            },
            {
               name: "1024167",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1024167",
            },
            {
               name: "41315",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/41315",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
            },
            {
               name: "66092",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/66092",
            },
            {
               name: "1024168",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1024168",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-1576",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Cisco Content Services Switch (CSS) 11500 with software before 8.20.4.02 and the Application Control Engine (ACE) 4710 with software before A2(3.0) do not properly handle use of LF, CR, and LFCR as alternatives to the standard CRLF sequence between HTTP headers, which allows remote attackers to bypass intended header insertions or conduct HTTP request smuggling attacks via crafted header data, as demonstrated by LF characters preceding ClientCert-Subject and ClientCert-Subject-CN headers, aka Bug ID CSCta04885.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
                  },
                  {
                     name: "1024167",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1024167",
                  },
                  {
                     name: "41315",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/41315",
                  },
                  {
                     name: "http://www.vsecurity.com/resources/advisory/20100702-1/",
                     refsource: "MISC",
                     url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
                  },
                  {
                     name: "66092",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/66092",
                  },
                  {
                     name: "1024168",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1024168",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-1576",
      datePublished: "2010-07-06T14:00:00",
      dateReserved: "2010-04-27T00:00:00",
      dateUpdated: "2024-08-07T01:28:41.990Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0622
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 20:07
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:05.347Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
               },
               {
                  name: "33900",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33900",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
            },
            {
               name: "33900",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33900",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0622",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8a) allows remote authenticated users to execute arbitrary operating-system commands through a command line interface (CLI).",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
                  },
                  {
                     name: "33900",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/33900",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0622",
      datePublished: "2009-02-26T16:00:00Z",
      dateReserved: "2009-02-18T00:00:00Z",
      dateUpdated: "2024-09-16T20:07:30.144Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-0960
Vulnerability from cvelistv5
Published
2008-06-10 18:00
Modified
2024-08-07 08:01
Severity ?
Summary
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
References
http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380x_refsource_CONFIRM
http://secunia.com/advisories/35463third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30615third-party-advisory, x_refsource_SECUNIA
http://support.apple.com/kb/HT2163x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2008/1787/referencesvdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30648third-party-advisory, x_refsource_SECUNIA
http://www.kb.cert.org/vuls/id/CTAR-7FBS8Qx_refsource_CONFIRM
http://secunia.com/advisories/32664third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1981/referencesvdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1801/referencesvdb-entry, x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.htmlvendor-advisory, x_refsource_SUSE
http://lists.ingate.com/pipermail/productinfo/2008/000021.htmlmailing-list, x_refsource_MLIST
http://secunia.com/advisories/31351third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1788/referencesvdb-entry, x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2008-282.htmx_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.htmlvendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/29623vdb-entry, x_refsource_BID
http://secunia.com/advisories/31334third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/2971vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/30626third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=127730470825399&w=2vendor-advisory, x_refsource_HP
http://www.vmware.com/security/advisories/VMSA-2008-0017.htmlx_refsource_MISC
http://www.openwall.com/lists/oss-security/2008/06/09/1mailing-list, x_refsource_MLIST
http://marc.info/?l=bugtraq&m=127730470825399&w=2vendor-advisory, x_refsource_HP
http://www.kb.cert.org/vuls/id/878044third-party-advisory, x_refsource_CERT-VN
http://secunia.com/advisories/30647third-party-advisory, x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/archive/1/497962/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/1836/referencesvdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/33003third-party-advisory, x_refsource_SECUNIA
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtmlvendor-advisory, x_refsource_CISCO
http://www.vupen.com/english/advisories/2008/2361vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31568third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/31467third-party-advisory, x_refsource_SECUNIA
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.htmlvendor-advisory, x_refsource_APPLE
http://www.debian.org/security/2008/dsa-1663vendor-advisory, x_refsource_DEBIAN
http://www.us-cert.gov/cas/techalerts/TA08-162A.htmlthird-party-advisory, x_refsource_CERT
http://www.kb.cert.org/vuls/id/MIMG-7ETS87x_refsource_CONFIRM
http://www.ocert.org/advisories/ocert-2008-006.htmlx_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2008-0528.htmlvendor-advisory, x_refsource_REDHAT
http://securityreason.com/securityalert/3933third-party-advisory, x_refsource_SREASON
http://www.redhat.com/support/errata/RHSA-2008-0529.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/30612third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/30802third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=447974x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0013.htmlx_refsource_CONFIRM
http://www.kb.cert.org/vuls/id/MIMG-7ETS5Zx_refsource_CONFIRM
https://www.exploit-db.com/exploits/5790exploit, x_refsource_EXPLOIT-DB
http://www.vupen.com/english/advisories/2008/1797/referencesvdb-entry, x_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200808-02.xmlvendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/archive/1/493218/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/30665third-party-advisory, x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.htmlvendor-advisory, x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.htmlvendor-advisory, x_refsource_FEDORA
http://www.vupen.com/english/advisories/2008/1800/referencesvdb-entry, x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2008:118vendor-advisory, x_refsource_MANDRIVA
http://www.ubuntu.com/usn/usn-685-1vendor-advisory, x_refsource_UBUNTU
http://sourceforge.net/forum/forum.php?forum_id=833770x_refsource_CONFIRM
http://www.securitytracker.com/id?1020218vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/30596third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/1612vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/30574third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T08:01:40.150Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380",
               },
               {
                  name: "35463",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/35463",
               },
               {
                  name: "30615",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30615",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.apple.com/kb/HT2163",
               },
               {
                  name: "ADV-2008-1787",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1787/references",
               },
               {
                  name: "30648",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30648",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
               },
               {
                  name: "32664",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/32664",
               },
               {
                  name: "ADV-2008-1981",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1981/references",
               },
               {
                  name: "ADV-2008-1801",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1801/references",
               },
               {
                  name: "SUSE-SA:2008:039",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html",
               },
               {
                  name: "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html",
               },
               {
                  name: "31351",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31351",
               },
               {
                  name: "ADV-2008-1788",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1788/references",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
               },
               {
                  name: "FEDORA-2008-5215",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html",
               },
               {
                  name: "29623",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/29623",
               },
               {
                  name: "31334",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31334",
               },
               {
                  name: "ADV-2008-2971",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2971",
               },
               {
                  name: "oval:org.mitre.oval:def:10820",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820",
               },
               {
                  name: "oval:org.mitre.oval:def:6414",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414",
               },
               {
                  name: "30626",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30626",
               },
               {
                  name: "SSRT080082",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
               },
               {
                  name: "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2008/06/09/1",
               },
               {
                  name: "HPSBMA02439",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
               },
               {
                  name: "VU#878044",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/878044",
               },
               {
                  name: "30647",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30647",
               },
               {
                  name: "238865",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUNALERT",
                     "x_transferred",
                  ],
                  url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1",
               },
               {
                  name: "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded",
               },
               {
                  name: "ADV-2008-1836",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1836/references",
               },
               {
                  name: "33003",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/33003",
               },
               {
                  name: "20080610 SNMP Version 3 Authentication Vulnerabilities",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml",
               },
               {
                  name: "ADV-2008-2361",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2361",
               },
               {
                  name: "31568",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31568",
               },
               {
                  name: "31467",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31467",
               },
               {
                  name: "APPLE-SA-2008-06-30",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html",
               },
               {
                  name: "DSA-1663",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2008/dsa-1663",
               },
               {
                  name: "TA08-162A",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.ocert.org/advisories/ocert-2008-006.html",
               },
               {
                  name: "RHSA-2008:0528",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html",
               },
               {
                  name: "3933",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3933",
               },
               {
                  name: "RHSA-2008:0529",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html",
               },
               {
                  name: "30612",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30612",
               },
               {
                  name: "30802",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30802",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
               },
               {
                  name: "5790",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/5790",
               },
               {
                  name: "ADV-2008-1797",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1797/references",
               },
               {
                  name: "GLSA-200808-02",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "http://security.gentoo.org/glsa/glsa-200808-02.xml",
               },
               {
                  name: "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded",
               },
               {
                  name: "30665",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30665",
               },
               {
                  name: "FEDORA-2008-5218",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html",
               },
               {
                  name: "FEDORA-2008-5224",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html",
               },
               {
                  name: "ADV-2008-1800",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/1800/references",
               },
               {
                  name: "MDVSA-2008:118",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRIVA",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118",
               },
               {
                  name: "USN-685-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/usn-685-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://sourceforge.net/forum/forum.php?forum_id=833770",
               },
               {
                  name: "1020218",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1020218",
               },
               {
                  name: "30596",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30596",
               },
               {
                  name: "oval:org.mitre.oval:def:5785",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785",
               },
               {
                  name: "ADV-2009-1612",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2009/1612",
               },
               {
                  name: "30574",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/30574",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-06-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "37e5125f-f79b-445b-8fad-9564f167944b",
            shortName: "certcc",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380",
            },
            {
               name: "35463",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/35463",
            },
            {
               name: "30615",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30615",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.apple.com/kb/HT2163",
            },
            {
               name: "ADV-2008-1787",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1787/references",
            },
            {
               name: "30648",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30648",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
            },
            {
               name: "32664",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/32664",
            },
            {
               name: "ADV-2008-1981",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1981/references",
            },
            {
               name: "ADV-2008-1801",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1801/references",
            },
            {
               name: "SUSE-SA:2008:039",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html",
            },
            {
               name: "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html",
            },
            {
               name: "31351",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31351",
            },
            {
               name: "ADV-2008-1788",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1788/references",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
            },
            {
               name: "FEDORA-2008-5215",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html",
            },
            {
               name: "29623",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/29623",
            },
            {
               name: "31334",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31334",
            },
            {
               name: "ADV-2008-2971",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2971",
            },
            {
               name: "oval:org.mitre.oval:def:10820",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820",
            },
            {
               name: "oval:org.mitre.oval:def:6414",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414",
            },
            {
               name: "30626",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30626",
            },
            {
               name: "SSRT080082",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
            },
            {
               name: "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2008/06/09/1",
            },
            {
               name: "HPSBMA02439",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
            },
            {
               name: "VU#878044",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/878044",
            },
            {
               name: "30647",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30647",
            },
            {
               name: "238865",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
               ],
               url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1",
            },
            {
               name: "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded",
            },
            {
               name: "ADV-2008-1836",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1836/references",
            },
            {
               name: "33003",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/33003",
            },
            {
               name: "20080610 SNMP Version 3 Authentication Vulnerabilities",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml",
            },
            {
               name: "ADV-2008-2361",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2361",
            },
            {
               name: "31568",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31568",
            },
            {
               name: "31467",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31467",
            },
            {
               name: "APPLE-SA-2008-06-30",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html",
            },
            {
               name: "DSA-1663",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2008/dsa-1663",
            },
            {
               name: "TA08-162A",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.ocert.org/advisories/ocert-2008-006.html",
            },
            {
               name: "RHSA-2008:0528",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html",
            },
            {
               name: "3933",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3933",
            },
            {
               name: "RHSA-2008:0529",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html",
            },
            {
               name: "30612",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30612",
            },
            {
               name: "30802",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30802",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
            },
            {
               name: "5790",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/5790",
            },
            {
               name: "ADV-2008-1797",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1797/references",
            },
            {
               name: "GLSA-200808-02",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "http://security.gentoo.org/glsa/glsa-200808-02.xml",
            },
            {
               name: "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded",
            },
            {
               name: "30665",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30665",
            },
            {
               name: "FEDORA-2008-5218",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html",
            },
            {
               name: "FEDORA-2008-5224",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html",
            },
            {
               name: "ADV-2008-1800",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/1800/references",
            },
            {
               name: "MDVSA-2008:118",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118",
            },
            {
               name: "USN-685-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/usn-685-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://sourceforge.net/forum/forum.php?forum_id=833770",
            },
            {
               name: "1020218",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1020218",
            },
            {
               name: "30596",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30596",
            },
            {
               name: "oval:org.mitre.oval:def:5785",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785",
            },
            {
               name: "ADV-2009-1612",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2009/1612",
            },
            {
               name: "30574",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/30574",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cert@cert.org",
               ID: "CVE-2008-0960",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/tracker/index.php?func=detail&aid=1989089&group_id=12694&atid=456380",
                  },
                  {
                     name: "35463",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/35463",
                  },
                  {
                     name: "30615",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30615",
                  },
                  {
                     name: "http://support.apple.com/kb/HT2163",
                     refsource: "CONFIRM",
                     url: "http://support.apple.com/kb/HT2163",
                  },
                  {
                     name: "ADV-2008-1787",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1787/references",
                  },
                  {
                     name: "30648",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30648",
                  },
                  {
                     name: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
                     refsource: "CONFIRM",
                     url: "http://www.kb.cert.org/vuls/id/CTAR-7FBS8Q",
                  },
                  {
                     name: "32664",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/32664",
                  },
                  {
                     name: "ADV-2008-1981",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1981/references",
                  },
                  {
                     name: "ADV-2008-1801",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1801/references",
                  },
                  {
                     name: "SUSE-SA:2008:039",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html",
                  },
                  {
                     name: "[productinfo] 20080611 Ingate Firewall and SIParator affected by SNMPv3 vulnerability",
                     refsource: "MLIST",
                     url: "http://lists.ingate.com/pipermail/productinfo/2008/000021.html",
                  },
                  {
                     name: "31351",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31351",
                  },
                  {
                     name: "ADV-2008-1788",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1788/references",
                  },
                  {
                     name: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
                     refsource: "CONFIRM",
                     url: "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
                  },
                  {
                     name: "FEDORA-2008-5215",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html",
                  },
                  {
                     name: "29623",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/29623",
                  },
                  {
                     name: "31334",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31334",
                  },
                  {
                     name: "ADV-2008-2971",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2971",
                  },
                  {
                     name: "oval:org.mitre.oval:def:10820",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10820",
                  },
                  {
                     name: "oval:org.mitre.oval:def:6414",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6414",
                  },
                  {
                     name: "30626",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30626",
                  },
                  {
                     name: "SSRT080082",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
                  },
                  {
                     name: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
                     refsource: "MISC",
                     url: "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
                  },
                  {
                     name: "[oss-security] 20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2008/06/09/1",
                  },
                  {
                     name: "HPSBMA02439",
                     refsource: "HP",
                     url: "http://marc.info/?l=bugtraq&m=127730470825399&w=2",
                  },
                  {
                     name: "VU#878044",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/878044",
                  },
                  {
                     name: "30647",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30647",
                  },
                  {
                     name: "238865",
                     refsource: "SUNALERT",
                     url: "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238865-1",
                  },
                  {
                     name: "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/497962/100/0/threaded",
                  },
                  {
                     name: "ADV-2008-1836",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1836/references",
                  },
                  {
                     name: "33003",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/33003",
                  },
                  {
                     name: "20080610 SNMP Version 3 Authentication Vulnerabilities",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml",
                  },
                  {
                     name: "ADV-2008-2361",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2361",
                  },
                  {
                     name: "31568",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31568",
                  },
                  {
                     name: "31467",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31467",
                  },
                  {
                     name: "APPLE-SA-2008-06-30",
                     refsource: "APPLE",
                     url: "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html",
                  },
                  {
                     name: "DSA-1663",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2008/dsa-1663",
                  },
                  {
                     name: "TA08-162A",
                     refsource: "CERT",
                     url: "http://www.us-cert.gov/cas/techalerts/TA08-162A.html",
                  },
                  {
                     name: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
                     refsource: "CONFIRM",
                     url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS87",
                  },
                  {
                     name: "http://www.ocert.org/advisories/ocert-2008-006.html",
                     refsource: "MISC",
                     url: "http://www.ocert.org/advisories/ocert-2008-006.html",
                  },
                  {
                     name: "RHSA-2008:0528",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2008-0528.html",
                  },
                  {
                     name: "3933",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3933",
                  },
                  {
                     name: "RHSA-2008:0529",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2008-0529.html",
                  },
                  {
                     name: "30612",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30612",
                  },
                  {
                     name: "30802",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30802",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=447974",
                  },
                  {
                     name: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
                     refsource: "CONFIRM",
                     url: "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
                  },
                  {
                     name: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
                     refsource: "CONFIRM",
                     url: "http://www.kb.cert.org/vuls/id/MIMG-7ETS5Z",
                  },
                  {
                     name: "5790",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/5790",
                  },
                  {
                     name: "ADV-2008-1797",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1797/references",
                  },
                  {
                     name: "GLSA-200808-02",
                     refsource: "GENTOO",
                     url: "http://security.gentoo.org/glsa/glsa-200808-02.xml",
                  },
                  {
                     name: "20080609 [oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/493218/100/0/threaded",
                  },
                  {
                     name: "30665",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30665",
                  },
                  {
                     name: "FEDORA-2008-5218",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html",
                  },
                  {
                     name: "FEDORA-2008-5224",
                     refsource: "FEDORA",
                     url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html",
                  },
                  {
                     name: "ADV-2008-1800",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/1800/references",
                  },
                  {
                     name: "MDVSA-2008:118",
                     refsource: "MANDRIVA",
                     url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118",
                  },
                  {
                     name: "USN-685-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/usn-685-1",
                  },
                  {
                     name: "http://sourceforge.net/forum/forum.php?forum_id=833770",
                     refsource: "CONFIRM",
                     url: "http://sourceforge.net/forum/forum.php?forum_id=833770",
                  },
                  {
                     name: "1020218",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1020218",
                  },
                  {
                     name: "30596",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30596",
                  },
                  {
                     name: "oval:org.mitre.oval:def:5785",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5785",
                  },
                  {
                     name: "ADV-2009-1612",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2009/1612",
                  },
                  {
                     name: "30574",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/30574",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b",
      assignerShortName: "certcc",
      cveId: "CVE-2008-0960",
      datePublished: "2008-06-10T18:00:00",
      dateReserved: "2008-02-25T00:00:00",
      dateUpdated: "2024-08-07T08:01:40.150Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0625
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 22:20
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:05.401Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1021769",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1021769",
               },
               {
                  name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
               },
               {
                  name: "33900",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33900",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "1021769",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1021769",
            },
            {
               name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
            },
            {
               name: "33900",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33900",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0625",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.2) and Cisco ACE 4710 Application Control Engine Appliance before A1(8.0) allows remote attackers to cause a denial of service (device reload) via a crafted SNMPv3 packet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1021769",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1021769",
                  },
                  {
                     name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
                  },
                  {
                     name: "33900",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/33900",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0625",
      datePublished: "2009-02-26T16:00:00Z",
      dateReserved: "2009-02-18T00:00:00Z",
      dateUpdated: "2024-09-16T22:20:28.202Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2823
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-17 01:05
Severity ?
Summary
Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.049Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-08-13T20:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2823",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6) allows remote attackers to cause a denial of service (device reload) via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID CSCtb54493.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2823",
      datePublished: "2010-08-13T20:00:00Z",
      dateReserved: "2010-07-23T00:00:00Z",
      dateUpdated: "2024-09-17T01:05:47.202Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0621
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-17 01:50
Severity ?
Summary
Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:05.325Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
               },
               {
                  name: "33900",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33900",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
            },
            {
               name: "33900",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33900",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0621",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses default (1) usernames and (2) passwords for (a) the administrator, (b) web management, and (c) device management, which makes it easier for remote attackers to perform configuration changes to the Device Manager and other components, or obtain operating-system access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
                  },
                  {
                     name: "33900",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/33900",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0621",
      datePublished: "2009-02-26T16:00:00Z",
      dateReserved: "2009-02-18T00:00:00Z",
      dateUpdated: "2024-09-17T01:50:51.750Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2825
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-17 00:15
Severity ?
Summary
Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.095Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-08-13T20:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2825",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the SIP inspection feature on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) before A2(2.3), and A2(3.x) before A2(3.1) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.4), allows remote attackers to cause a denial of service (device reload) via crafted SIP packets over (1) TCP or (2) UDP, aka Bug IDs CSCta65603 and CSCta71569.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2825",
      datePublished: "2010-08-13T20:00:00Z",
      dateReserved: "2010-07-23T00:00:00Z",
      dateUpdated: "2024-09-17T00:15:28.262Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0742
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 21:57
Severity ?
Summary
The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:48:51.868Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T16:00:00Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2009-0742",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2009-0742",
      datePublished: "2009-02-26T16:00:00Z",
      dateReserved: "2009-02-26T00:00:00Z",
      dateUpdated: "2024-09-16T21:57:38.095Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2009-0623
Vulnerability from cvelistv5
Published
2009-02-26 16:00
Modified
2024-09-16 23:46
Severity ?
Summary
Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T04:40:05.126Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
               },
               {
                  name: "33900",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/33900",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2009-02-26T16:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
            },
            {
               name: "33900",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/33900",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2009-0623",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml",
                  },
                  {
                     name: "33900",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/33900",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2009-0623",
      datePublished: "2009-02-26T16:00:00Z",
      dateReserved: "2009-02-18T00:00:00Z",
      dateUpdated: "2024-09-16T23:46:36.574Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2822
Vulnerability from cvelistv5
Published
2010-08-13 20:00
Modified
2024-09-16 22:56
Severity ?
Summary
Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:46:48.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2010-08-13T20:00:00Z",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2010-2822",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before A2(3.2) for Catalyst 6500 series switches and 7600 series routers, and the Cisco Application Control Engine (ACE) 4710 appliance with software before A3(2.6), allows remote attackers to cause a denial of service (device reload) via crafted RTSP packets over TCP, aka Bug IDs CSCta85227 and CSCtg14858.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100811 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
                     refsource: "CISCO",
                     url: "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2010-2822",
      datePublished: "2010-08-13T20:00:00Z",
      dateReserved: "2010-07-23T00:00:00Z",
      dateUpdated: "2024-09-16T22:56:55.368Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2010-2629
Vulnerability from cvelistv5
Published
2010-07-06 14:00
Modified
2024-08-07 02:39
Severity ?
Summary
The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.
References
http://www.securityfocus.com/archive/1/512144/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securitytracker.com/id?1024167vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/41315vdb-entry, x_refsource_BID
http://www.vsecurity.com/resources/advisory/20100702-1/x_refsource_MISC
http://securitytracker.com/id?1024168vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T02:39:37.669Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
               },
               {
                  name: "1024167",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1024167",
               },
               {
                  name: "41315",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/41315",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
               },
               {
                  name: "1024168",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1024168",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2010-07-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-10T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
            },
            {
               name: "1024167",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1024167",
            },
            {
               name: "41315",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/41315",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
            },
            {
               name: "1024168",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1024168",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2010-2629",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations where the GET line is terminated by CRLF, which allows remote attackers to conduct HTTP request smuggling attacks and possibly bypass intended header insertions via crafted header data, as demonstrated by an LF character between the ClientCert-Subject and ClientCert-Subject-CN headers. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1576.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20100702 VSR Advisory: Multiple Cisco CSS / ACE Client Certificate and HTTP Header Manipulation Vulnerabilities",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/512144/100/0/threaded",
                  },
                  {
                     name: "1024167",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1024167",
                  },
                  {
                     name: "41315",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/41315",
                  },
                  {
                     name: "http://www.vsecurity.com/resources/advisory/20100702-1/",
                     refsource: "MISC",
                     url: "http://www.vsecurity.com/resources/advisory/20100702-1/",
                  },
                  {
                     name: "1024168",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1024168",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2010-2629",
      datePublished: "2010-07-06T14:00:00",
      dateReserved: "2010-07-06T00:00:00",
      dateUpdated: "2024-08-07T02:39:37.669Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}