CVE-2016-6399

high-risk
Published 2016-09-12

Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317.

Do I need to act?

0.74% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Ace Application Control Engine Module A1
Ace Application Control Engine Module A3
Ace Application Control Engine Module A3
Ace Application Control Engine Module A4
Ace Application Control Engine Module A4
Ace Application Control Engine Module A4
Ace Application Control Engine Module A4
Ace Application Control Engine Module A5
Ace Application Control Engine Module A5
Ace Application Control Engine Module A5
Ace Application Control Engine Module A5
Ace Application Control Engine Module A5
Ace Application Control Engine Module A5
Ace 4700 Series Application Control Engine Appliance
Ace 4700 Series Application Control Engine Appliance
Ace 4700 Series Application Control Engine Appliance
Ace 4700 Series Application Control Engine Appliance
Ace 4700 Series Application Control Engine Appliance
Ace 4700 Series Application Control Engine Appliance A1
Ace 4700 Series Application Control Engine Appliance A1

Affected Vendors

56 / 100
high-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 27/34 · High