6500 ACE MODULE: CVE-2010-4180 and CVE-2005-2969

Sep 2nd, 2014

Hello,

 

The version 3.0(0)A5(1.2) is vulnerable to these CVEs. I was looking for a fix, but it's hard to find good information in the Cisco release notes.

The old versions: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html.

I was checking if the version A5(3.0) would fix it, but nothing is said in release notes.

http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA5_3_x/release/note/ACE_mod_rn_A53x.html

 

Does anyone know if a newer version fixes it, or know of another source of information?

 

Thanks.

Felipe Lima Mon, 09/15/2014 - 13:49

Hi,

The first vulnerability has been documented by the ACE team under Cisco Bug ID CSCtk69440 (https://tools.cisco.com/bugsearch/bug/CSCtk69440). This vulnerability was resolved by the engineering team by disabling the affected function call. This particular feature was not in use by the ACE device. The issue was first resolved in Version 3.0(0)A4(1.0.72) back in 2011.

 

The second vulnerability identified by CVE-2005-2969 does not have a public bug ID. However, the engineering team has evaluated the impact of this issue. The affected padding functions were never enabled in the ACE software and the device is not affected. This would remain the case even if SSLv2 were to be enabled on the device for legacy browser compatibility.

 

I hope it helps you.

 

Regards,

Felipe Lima

imfvieira Thu, 09/18/2014 - 06:00

Hi Felipe,

Thanks for the answer,

There isn't information about A5(3.0) in the bug description. Is there any public Cisco document about CVE-2005-2969?

Regards,

Felipe Lima Thu, 09/18/2014 - 08:34

Hello,

I don't have much information besides this one. Sorry :(

Regards,

 

Felipe Lima
