Detections
Analytics
Cisco Application Control Engine < A3(2.1) Multiple Unspecified Traversals (cisco-sa-20090225-anm)
high Nessus Plugin ID 69913
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
The Cisco Application Control Engine (ACE) software installed on the remote Cisco IOS device is earlier than A3(2.1). It is, therefore, potentially affected by multiple unspecified directory traversals.An authenticated attacker could exploit these to access ACE operating system and host operating system files.
Solution
Upgrade to Cisco ACE A3(2.1) or later as discussed in Cisco Security Advisory cisco-sa-20090225-anm.See Also
https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20090225-anm.html
Plugin Details
Severity: High
ID: 69913
File Name: cisco-sa-20090225-anm.nasl
Version: 1.4
Type: local
Family: CISCO
Published: 9/16/2013
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:cisco:application_control_engine_device_manager
Required KB Items: Host/Cisco/ACE/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 2/25/2009
Vulnerability Publication Date: 2/25/2009
Reference Information
CVE: CVE-2009-0615
BID: 33903