Cisco IOS Software Reverse SSH Denial of Service Vulnerability (cisco-sa-20120328-ssh)
High Nessus Plugin ID 58573
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition. The SSH server in Cisco IOS Software and Cisco IOS XE Software is an optional service, but its use is highly recommended as a security best practice for the management of Cisco IOS devices. Devices that are not configured to accept SSHv2 connections are not affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
SolutionApply the relevant patch referenced in Cisco Security Advisory cisco-sa-20120328-ssh.