Cisco ACE30 Application Control Engine Module and Cisco ACE 4710 Application Control Engine Denial of Service Vulnerability
A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.The vulnerability is due to incomplete input validation checks in the SSL/TLS code. An attacker could exploit this vulnerability by sending specific SSL/TLS packets to the affected device. An exploit could allow the attacker to trigger a reload of the affected device.
Cisco has confirmed the vulnerability; however, software updates are currently not available. Cisco will released software updates that address the vulnerability described in this advisory. The advisory will be updated once an estimated software fix availability date is made available.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2cd05gX
A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application Control Engine Module and the Cisco ACE 4700 Series Application Control Engine Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device.The vulnerability is due to incomplete input validation checks in the SSL/TLS code. An attacker could exploit this vulnerability by sending specific SSL/TLS packets to the affected device. An exploit could allow the attacker to trigger a reload of the affected device.
Cisco has confirmed the vulnerability; however, software updates are currently not available. Cisco will released software updates that address the vulnerability described in this advisory. The advisory will be updated once an estimated software fix availability date is made available.
There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2cd05gX
Security Impact Rating: High
CVE: CVE-2016-6399
from Cisco Security Advisory http://ift.tt/2cd05gX