Cisco IOS Secure Shell Denial of Service Vulnerabilities - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

The Secure Shell server (SSH) implementation in Cisco IOS contains
multiple vulnerabilities that allow unauthenticated users the ability
to generate a spurious memory access error or, in certain cases, reload
the device.
The IOS SSH server is an optional service that is disabled by default,
but its use is highly recommended as a security best practice for
management of Cisco IOS devices. SSH can be configured as part of the
AutoSecure feature in the initial configuration of IOS devices.
AutoSecure runs after initial configuration, or manually. SSH is enabled
any time RSA keys are generated such as when a http secure-server or
trust points for digital certificates are configured. Devices that are
not configured to accept SSH connections are not affected by these

See also :

Solution :

Apply the relevant patch referenced in Cisco Security Advisory

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49015 (cisco-sa-20080521-sshhttp.nasl)

Bugtraq ID: 29314

CVE ID: CVE-2008-1159

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial