ID CVE-2008-1159
Summary Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
References
Vulnerable Configurations
  • cpe:2.3:h:cisco:ios_s:12.4
    cpe:2.3:h:cisco:ios_s:12.4
  • cpe:2.3:h:cisco:ios_t:12.4
    cpe:2.3:h:cisco:ios_t:12.4
  • cpe:2.3:h:cisco:ios_xr:12.4
    cpe:2.3:h:cisco:ios_xr:12.4
  • Cisco IOS_XR
    cpe:2.3:o:cisco:ios_xr
CVSS
Base: 7.1 (as of 22-05-2008 - 11:56)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
NASL family CISCO
NASL id CISCO-SA-20080521-SSHHTTP.NASL
description The Secure Shell server (SSH) implementation in Cisco IOS contains multiple vulnerabilities that allow unauthenticated users the ability to generate a spurious memory access error or, in certain cases, reload the device. The IOS SSH server is an optional service that is disabled by default, but its use is highly recommended as a security best practice for management of Cisco IOS devices. SSH can be configured as part of the AutoSecure feature in the initial configuration of IOS devices. AutoSecure runs after initial configuration, or manually. SSH is enabled any time RSA keys are generated such as when a http secure-server or trust points for digital certificates are configured. Devices that are not configured to accept SSH connections are not affected by these vulnerabilities.
last seen 2019-02-21
modified 2018-11-15
plugin id 49015
published 2010-09-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49015
title Cisco IOS Secure Shell Denial of Service Vulnerabilities - Cisco Systems
oval via4
accepted 2008-09-08T04:00:25.774-04:00
class vulnerability
contributors
name Yuzheng Zhou
organization Hewlett-Packard
description Multiple unspecified vulnerabilities in the SSH server in Cisco IOS 12.4 allow remote attackers to cause a denial of service (device restart) via unknown vectors, aka Bug ID (1) CSCsk42419, (2) CSCsk60020, and (3) CSCsh51293.
family ios
id oval:org.mitre.oval:def:5486
status accepted
submitted 2008-05-26T11:06:36.000-04:00
title Cisco IOS Secure Shell Denial of Service Vulnerabilities
version 3
refmap via4
bid 29314
cisco 20080521 Cisco IOS Secure Shell Denial of Service Vulnerabilities
sectrack 1020073
secunia 30322
vupen ADV-2008-1605
xf cisco-ios-ssh-multiple-dos(42563)
Last major update 07-03-2011 - 22:06
Published 22-05-2008 - 09:09
Last modified 28-09-2017 - 21:30
Back to Top