====================================================================

                                CERT-Renater

                   Note d'Information No. 2016/VULN312
_____________________________________________________________________

DATE                : 09/09/2016

HARDWARE PLATFORM(S): Cisco ACE30, Cisco ACE 4710.

OPERATING SYSTEM(S): Cisco ACE30 software, Cisco ACE 4710 software.

=====================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace
____________________________________________________________________

Cisco Security Advisory: Cisco ACE30 Application Control Engine
Module and Cisco ACE 4710 Application Control Engine Denial of
Service Vulnerability

Advisory ID: cisco-sa-20160908-ace

Revision 1.0

For Public Release 2016 September 8 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the SSL/TLS functions of the Cisco ACE30 Application
Control Engine Module and the Cisco ACE 4700 Series Application Control
Engine Appliances could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on the affected device.

The vulnerability is due to incomplete input validation checks in the
SSL/TLS code. An attacker could exploit this vulnerability by sending
specific SSL/TLS packets to the affected device. An exploit could allow
the attacker to trigger a reload of the affected device.

Cisco has confirmed the vulnerability; however, software updates are
currently not available. Cisco will released software updates that
address the vulnerability described in this advisory. The advisory will
be updated once an estimated software fix availability date is made
available.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160908-ace

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================