| VID |
29068 |
| Severity |
30 |
| Port |
161 |
| Protocol |
UDP |
| Class |
CISCO |
| Detailed Description |
The Cisco CatOS has a "SSH CRC32" denial of service vulnerability(Cisco Bug ID CSCdv85279, CSCdw59394).
While addressing vulnerabilities described in http://www.cisco.com/warp/public/707/SSH-multiple-pub.html , a new SSH vulnerability in several Cisco products has been inadvertently introduced into firmware upgrades. Firmware for routers and switches (IOS), Catalyst 6000 switches running CatOS, Cisco PIX Firewall and Cisco 11000 Content Service Switch devices may be vulnerable.
When an attacker tries to exploit the vulnerability VU#945216 (described in the CERT/CC Vulnerability Note at http://www.kb.cert.org/vuls/id/945216 ) the SSH module will consume too much of the processor's time, effectively causing a DoS. In some cases the device will reboot. In order to be exposed SSH must be enabled on the device.
* Note: This check solely relied on the version number of the remote system to assess this vulnerability, so this might be a false positive. Also, it requires a read access SNMP community string to collect the version number. To provide this access, add the valid community string to the check item, "snmp/guessable/r" from the Policy Editor.
* References:
http://www.cisco.com/warp/public/707/SSH-scanning.shtml
http://www.kb.cert.org/vuls/id/290140
http://www.ciac.org/ciac/techbull/CIACTech02-001.shtml
* Platforms Affected:
Cisco Catalyst 6000 Any version
Cisco Content Service Switch 11000 series
Cisco IOS 12.0
Cisco IOS 12.1
Cisco IOS 12.2
Cisco PIX Firewall 5.2
Cisco PIX Firewall 5.3
Cisco PIX Firewall 6.0
Cisco PIX Firewall 6.1
Cisco PIX Firewall 6.2 |
| Recommendation |
Upgrade to the latest version of Cisco CatOS (6.3(3.6) or 7.1(0.94) or 7.2(0.14)PEN and later).
Upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com .
Workarounds:
Block all SSH connections on the border on your network
-- OR --
On each individual device allow SSH connections only from the required IP addresses and block all others.
For details, see http://www.cisco.com/warp/public/707/SSH-scanning.shtml |
| Related URL |
CVE-2002-1024 (CVE) |
| Related URL |
5114 (SecurityFocus) |
| Related URL |
9437 (ISS) |
|
