This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch
Four different Cisco product lines are susceptible to multiple
vulnerabilities discovered in the Secure Shell (SSH) protocol version
1.5. These issues have been addressed, and fixes have been integrated
into the Cisco products that support this protocol.
By exploiting the weakness in the SSH protocol, it is possible to
insert arbitrary commands into an established SSH session, collect
information that may help in brute-force key recovery, or brute force a
Affected product lines are:
No other Cisco products are vulnerable. It is possible to mitigate this
vulnerability by preventing, or having control over, the interception
of SSH traffic.
Cisco IOS is not vulnerable to any of known exploits that are currently
used to compromise UNIX hosts. For the warning regarding increased
scanning activity for hosts running SSH consult CERT/CC.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
High / CVSS Base Score : 7.5
Nessus Plugin ID: 48957 (cisco-sa-20010627-sshhttp.nasl)
CVE ID: CVE-2001-0572