Multiple SSH Vulnerabilities - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Four different Cisco product lines are susceptible to multiple
vulnerabilities discovered in the Secure Shell (SSH) protocol version
1.5. These issues have been addressed, and fixes have been integrated
into the Cisco products that support this protocol.
By exploiting the weakness in the SSH protocol, it is possible to
insert arbitrary commands into an established SSH session, collect
information that may help in brute-force key recovery, or brute force a
session key.
Affected product lines are:
No other Cisco products are vulnerable. It is possible to mitigate this
vulnerability by preventing, or having control over, the interception
of SSH traffic.
Cisco IOS is not vulnerable to any of the known exploits that are currently
used to compromise UNIX hosts. For the warning regarding increased
scanning activity for hosts running SSH, consult CERT/CC.

See also :

http://www.openwall.com/articles/SSH-Traffic-Analysis
http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html
http://www.nessus.org/u?cf3fc1b5
http://www.nessus.org/u?ea4df78e

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20010627-ssh.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: CISCO

Nessus Plugin ID: 48957 (cisco-sa-20010627-sshhttp.nasl)

Bugtraq ID:

CVE ID: CVE-2001-0572