Executive Summary
| Summary | |
|---|---|
| Title | Cisco Service Control Engine Denial of Service Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20080521-sce | First vendor Publication | 2008-02-20 |
| Vendor | Cisco | Last vendor Modification | 2008-05-21 |
| Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Three Secure Shell (SSH) vulnerabilities exist in the Cisco Service Control Engine (SCE) that may result in system instability or a reload of the SCE. The first vulnerability may be triggered during SSH login activity that is conducted within aggressive time frames. The second vulnerability may be triggered with normal SSH login activity in combination with other SCE management actions occurring simultaneously. The third vulnerability may be triggered during SSH login and is specific to the usage of unique invalid authentication credentials. Cisco has made free upgrade software available to address these vulnerabilities for affected customers. There are no workarounds for these vulnerabilities. Note: These vulnerabilities are independent of each other; a device may be affected by one vulnerability and not by the others. |
Original Source
| Url : http://www.cisco.com/en/US/products/products_security_advisory09186a008099 (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-287 | Improper Authentication |
| 33 % | CWE-255 | Credentials Management |
| 33 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 45688 | Cisco Cisco Service Control Engine (SCE) SSH Server Management Interface Traf... |
| 45687 | Cisco Cisco Service Control Engine (SCE) SSH Engine Authentication Method Man... |
| 45686 | Cisco Cisco Service Control Engine (SCE) SSH Engine Login Activity Unspecifie... |
