| VID |
29054 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The CISCO IOS has a Denial of Service vulnerability due to SSH scanning(Cisco bug ID CSCdw33027).
By repeatedly exploiting this vulnerability an attacker can cause a denial of service. While fixing the vulnerabilities listed in http://www.cisco.com/warp/public/707/SSH-multiple-pub.html (Cisco Security Advisory: Multiple SSH Vulnerabilities) an instability is introduced in some products. When exposed to an overly large packet, the SSH process will consume too much of the processor's time, effectively causing a DoS. In some cases this availability attack may result in a reboot of the device. In order to be exposed SSH must be enabled on the device.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/SSH-scanning.shtml
http://www.cisco.com/warp/public/707/SSH-multiple-pub.html
http://www.kb.cert.org/vuls/id/945216
* Platforms Affected:
Cisco Catalyst 6000 Any version
Cisco Content Service Switch 11000 series
Cisco IOS 12.0
Cisco IOS 12.1
Cisco IOS 12.2
Cisco PIX Firewall 5.2
Cisco PIX Firewall 5.3
Cisco PIX Firewall 6.0
Cisco PIX Firewall 6.1
Cisco PIX Firewall 6.2 |
| Recommendation |
Upgrade to the fixed version of Cisco IOS, as listed in "Software Versions and Fixes" of Cisco Security Advisory, http://www.cisco.com/warp/public/707/SSH-scanning.shtml . Upgrades should be obtained through the Software Center on Cisco's Worldwide Web site at http://www.cisco.com .
As a workaround, block all SSH connections on the border on your network, or on each individual device allow SSH connections only from the required IP addresses and block all others.
For details, see http://www.cisco.com/warp/public/707/SSH-scanning.shtml . |
| Related URL |
CVE-2002-1024 (CVE) |
| Related URL |
5114 (SecurityFocus) |
| Related URL |
9437 (ISS) |
|
