Vigil@nce - Cisco ACE: denial of service via SSL Logs
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can open numerous SSL sessions, to fill in the Cisco
ACE log files, in order to trigger a denial of service.
– Impacted products: Cisco ACE
– Severity: 2/4
– Creation date: 16/05/2013
DESCRIPTION OF THE VULNERABILITY
The Cisco Application Control Engine product logs SSL sessions
requested by users.
However, the log file is not rotated. The hard drive can thus be
filled, which prevents some Cisco ACE operations.
An attacker can therefore open numerous SSL sessions, to fill in
the Cisco ACE log files, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-ACE-denial-of-service-via-SSL-Logs-12836