The version 3.0(0)A5(1.2) is vulnerable to these CVEs. I was looking for fix but it´s hard to find good information at Cisco Release Notes.
the old versions: http://www.cisco.com/c/en/us/td/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html.
I was checking if the version A5(3.0) would fix it, but nothing is said in release notes.
Anyone know if newer version fixes it or know other source of information?
The first vulnerability has been documented by the ACE team under Cisco
Bug ID CSCtk69440 (https://tools.cisco.com/bugsearch/bug/CSCtk69440).
This vulnerability was resolved by the engineering team by disabling the
affected function call. This particular feature was not in use by the ACE
device. The issue was first resolved in Version 3.0(0)A4(1.0.72) back in
The second vulnerbility identified by CVE-2005-2969 does not have a public
bug ID. However, the engineering team has evaluated the impact of this
issue. The affected padding functions were never enabled in the ACE
software and the device is not affected. This would remain the case even
if SSLv2 were to be enabled on the device for legacy browser compatibility.
I hope it helps you.
Thanks for the answer,
There isn´t information about A5(3.0) in the bug description. Is there any public Cisco document about CVE-2005-2969?
I don't have much information besides this one. Sorry :(
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: