Cisco CSS/ACE Multiple Remote Security Vulnerabilities

Cisco CSS (Content Services Switch) and ACE (Application Control Engine) are prone to an input-validation vulnerability and a security vulnerability that may allow attackers to spoof client-side certificates.

An attacker can exploit these issues to impersonate other users when using client certificate-based authentication and to bypass certain security restrictions. Other attacks are also possible.

These issues are being tracked by Cisco Bugid CSCSZ04690 and CSCTA04885.


Privacy Statement
Copyright 2010, SecurityFocus