Cisco Application and Content Networking System Multiple Remote Vulnerabilities
BID:12648
Info
Cisco Application and Content Networking System Multiple Remote Vulnerabilities
| Bugtraq ID: | 12648 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-0597 CVE-2005-0598 CVE-2005-0599 CVE-2005-0600 CVE-2005-0601 CVE-2005-0601 CVE-2005-0599 CVE-2005-0597 CVE-2005-0600 CVE-2005-0598 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 24 2005 12:00AM |
| Updated: | Mar 19 2015 08:21AM |
| Credit: | These issues were disclosed by the vendor. |
| Vulnerable: |
Cisco Content Router 4450 Cisco Content Router 4430 4.1 Cisco Content Router 4430 4.0 Cisco Content Router 4430 Cisco Content Engine Module for Cisco Router 3800 Series Cisco Content Engine Module for Cisco Router 3700 Series Cisco Content Engine Module for Cisco Router 3600 Series Cisco Content Engine Module for Cisco Router 2800 Series Cisco Content Engine Module for Cisco Router 2600 Series Cisco Content Engine 7325 Cisco Content Engine 7320 4.1 Cisco Content Engine 7320 4.0 Cisco Content Engine 7320 3.1 Cisco Content Engine 7320 2.2 .0 Cisco Content Engine 7320 Cisco Content Engine 590 4.1 Cisco Content Engine 590 4.0 Cisco Content Engine 590 3.1 Cisco Content Engine 590 2.2 .0 Cisco Content Engine 590 Cisco Content Engine 565 Cisco Content Engine 560 4.1 Cisco Content Engine 560 4.0 Cisco Content Engine 560 3.1 Cisco Content Engine 560 2.2 .0 Cisco Content Engine 560 Cisco Content Engine 510 Cisco Content Engine 507 4.1 Cisco Content Engine 507 4.0 Cisco Content Engine 507 3.1 Cisco Content Engine 507 2.2 .0 Cisco Content Engine 507 Cisco Content Distribution Manager 4670 Cisco Content Distribution Manager 4650 4.1 Cisco Content Distribution Manager 4650 4.0 Cisco Content Distribution Manager 4650 Cisco Content Distribution Manager 4630 4.1 Cisco Content Distribution Manager 4630 4.0 Cisco Content Distribution Manager 4630 Cisco Content Delivery Manager 4650 Cisco Content Delivery Manager 4630 Cisco Application & Content Networking Software (ACNS) Cisco Application & Content Networking Software 5.2.3 .9 Cisco Application & Content Networking Software 5.2 Cisco Application & Content Networking Software 5.1.13 .7 Cisco Application & Content Networking Software 5.1.11 .6 Cisco Application & Content Networking Software 5.1 Cisco Application & Content Networking Software 5.0.17 .6 Cisco Application & Content Networking Software 5.0.5 Cisco Application & Content Networking Software 5.0.3 Cisco Application & Content Networking Software 5.0.1 Cisco Application & Content Networking Software 5.0 Cisco Application & Content Networking Software 4.2.11 Cisco Application & Content Networking Software 4.2.9 Cisco Application & Content Networking Software 4.2.7 Cisco Application & Content Networking Software 4.2 Cisco Application & Content Networking Software 4.1.3 Cisco Application & Content Networking Software 4.1.1 Cisco Application & Content Networking Software 4.0.3 Cisco Application & Content Networking Software |
| Not Vulnerable: |
Cisco Application & Content Networking Software 5.2.3 .9 Cisco Application & Content Networking Software 5.2.1 .7 Cisco Application & Content Networking Software 5.1.13 .7 Cisco Application & Content Networking Software 5.1.11 .6 Cisco Application & Content Networking Software 5.0.17 .6 |
Discussion
Cisco Application and Content Networking System Multiple Remote Vulnerabilities
Multiple remote vulnerabilities affect Cisco Application and Content Networking System (ACNS). This issue is due to a failure of the affected software to properly handle malformed network data.
Specifically, multiple denial of service vulnerabilities and a single default administrator password issues were reported.
An attacker may leverage these issues to trigger a denial of service condition in affected devices or on the network segment that they reside on. The default password issue may allow an unauthorized user to gain administrator access to an affected device.
Multiple remote vulnerabilities affect Cisco Application and Content Networking System (ACNS). This issue is due to a failure of the affected software to properly handle malformed network data.
Specifically, multiple denial of service vulnerabilities and a single default administrator password issues were reported.
An attacker may leverage these issues to trigger a denial of service condition in affected devices or on the network segment that they reside on. The default password issue may allow an unauthorized user to gain administrator access to an affected device.
Exploit / POC
Cisco Application and Content Networking System Multiple Remote Vulnerabilities
No exploit is required to leverage the default password issue.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
No exploit is required to leverage the default password issue.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Cisco Application and Content Networking System Multiple Remote Vulnerabilities
Solution:
Cisco has released advisories and updated dealing with these issues. Please see the referenced advisory for more information.
Solution:
Cisco has released advisories and updated dealing with these issues. Please see the referenced advisory for more information.
References
Cisco Application and Content Networking System Multiple Remote Vulnerabilities
References:
References:
- CISCO APPLICATION AND CONTENT NETWORKING SYSTEM (ACNS) SOFTWARE (Cisco)
- Cisco Security Advisory: ACNS Denial of Service and Default Admin Password Vulns (Cisco Systems Product Security Incident Response Team