Vigil@nce - Cisco ACE: denial of service via SSL Logs
May 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can open numerous SSL sessions to fill up the Cisco ACE log files and trigger a denial of service.
Impacted products: Cisco ACE
Creation date: 16/05/2013
DESCRIPTION OF THE VULNERABILITY
The Cisco Application Control Engine product logs SSL sessions requested by users.
However, the log file is not rotated. The hard drive can thus be filled, which prevents some Cisco ACE operations.
An attacker can therefore open numerous SSL sessions to fill up the Cisco ACE log files and trigger a denial of service.