How to Buy
This script is (C) 2010-2014 Tenable Network Security, Inc.
The remote device is missing a vendor-supplied security patch.
Certain Cisco products containing support for the Secure Shell (SSH)
server are vulnerable to a Denial of Service (DoS) if the SSH server is
enabled on the device. A malformed SSH packet directed at the affected
device can cause a reload of the device. No authentication is necessary
for the packet to be received by the affected device. The SSH server in
Cisco IOS is disabled by default.
Cisco will be making free software available to correct the problem as
soon as possible.
The malformed packets can be generated using the SSHredder test suite
from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not
aware of any malicious exploitation of this vulnerability.
See also :
Apply the relevant patch referenced in Cisco Security Advisory
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true
Nessus Plugin ID: 48968 (cisco-sa-20021219-ssh-packethttp.nasl)
Bugtraq ID: 6405640764086410
CVE ID: CVE-2002-1357CVE-2002-1358CVE-2002-1359CVE-2002-1360
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.