Executive Summary
Summary | |
---|---|
Title | Cisco IOS Secure Shell Denial of Service |
Informations | |||
---|---|---|---|
Name | cisco-sa-20080521-ssh | First vendor Publication | 2007-10-13 |
Vendor | Cisco | Last vendor Modification | 2008-05-21 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices, AutoSecure run after initial configuration, or manually. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-1159 has been assigned to this vulnerability. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a008099 (...) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5486 | |||
Oval ID: | oval:org.mitre.oval:def:5486 | ||
Title: | Cisco IOS Secure Shell Denial of Service Vulnerabilities | ||
Description: | Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293. | ||
Family: | ios | Class: | vulnerability |
Reference(s): | CVE-2008-1159 | Version: | 1 |
Platform(s): | Cisco IOS | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45676 | Cisco IOS SSH Server Unspecified Remote DoS (CSCsh51293) |
45675 | Cisco IOS SSH Server Unspecified Remote DoS (CSCsk60020) |
45674 | Cisco IOS SSH Server Unspecified Remote DoS (CSCsk42419) |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20080521-sshhttp.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:21:53 |
|