|
 |
|
Cisco Service Control Engine SSH Server Denial of Service Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA30316
|
|
|
Release Date:
|
2008-05-22
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Cisco SCE 1000 Series (Service Control Engine)
Cisco SCE 2000 Series (Service Control Engine)
|
|
| | CVE reference: | CVE-2008-0534 (Secunia mirror)
CVE-2008-0535 (Secunia mirror)
CVE-2008-0536 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Cisco Service Control Engine, which can be exploited by malicious people to cause a DoS (Denial of Service).
1) An unspecified error within the SCE SSH server can be exploited to cause system instability or a reload of the SCE via certain SSH login activity.
2) An unspecified error during the login process within the SCE SSH server can be exploited to cause a DoS via specific SSH credentials that attempt to change the authentication method.
Vulnerabilities #1 and #2 are reported in the SCE 1000 and 2000 series with software versions prior to 3.1.6.
3) An unspecified error within the SCE SSH server when processing SSH traffic to the SCE management interface can lead to an illegal IO operation and an imperative reboot of the SCE.
Vulnerability #3 is reported in the SCE 1000 and 2000 series with software versions prior to 3.0.7 and 3.1.0.
Successful exploitation of these vulnerabilities requires that the SSH server is enabled (not enabled by default).
Solution:
Update to version 3.1.6.
http://www.cisco.com/pcgi-bin/tablebuild.pl/scos
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
http://www.cisco.com/warp/public/707/cisco-sa-20080521-sce.shtml
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
