Multiple SSH Vulnerabilities - Cisco Systems

high Nessus Plugin ID 48957

Synopsis

The remote device is missing a vendor-supplied security patch

Description

Four different Cisco product lines are susceptible to multiple vulnerabilities discovered in the Secure Shell (SSH) protocol version 1.5. These issues have been addressed, and fixes have been integrated into the Cisco products that support this protocol.
By exploiting the weakness in the SSH protocol, it is possible to insert arbitrary commands into an established SSH session, collect information that may help in brute-force key recovery, or brute force a session key.
Affected product lines are:
No other Cisco products are vulnerable. It is possible to mitigate this vulnerability by preventing, or having control over, the interception of SSH traffic.
Cisco IOS is not vulnerable to any of known exploits that are currently used to compromise UNIX hosts. For the warning regarding increased scanning activity for hosts running SSH consult CERT/CC.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20010627-ssh.

See Also

https://www.openwall.com/articles/SSH-Traffic-Analysis

https://seclists.org/bugtraq/2001/Mar/262

http://www.nessus.org/u?fb584d2f

http://www.nessus.org/u?2ead856a

Plugin Details

Severity: High

ID: 48957

File Name: cisco-sa-20010627-sshhttp.nasl

Version: 1.19

Type: combined

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Patch Publication Date: 6/27/2001

Vulnerability Publication Date: 3/19/2001

Reference Information

CVE: CVE-2001-0572