Vulnerabilities in Cisco IOS Secure Shell Server - Cisco Systems

high Nessus Plugin ID 48983

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices, may contain two vulnerabilities that can potentially cause IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a denial of service (DoS) condition. Use of SSH with other authentication methods like Remote Authentication Dial In User Service (RADIUS) and the local user database may also be affected.

Solution

Apply the relevant patch referenced in Cisco Security Advisory cisco-sa-20050406-ssh.

See Also

http://www.nessus.org/u?5da1ac00

http://www.nessus.org/u?73c7cb36

Plugin Details

Severity: High

ID: 48983

File Name: cisco-sa-20050406-sshhttp.nasl

Version: 1.18

Type: local

Family: CISCO

Published: 9/1/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:cisco:ios

Required KB Items: Host/Cisco/IOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/6/2005

Vulnerability Publication Date: 4/6/2005

Reference Information

CVE: CVE-2005-1020, CVE-2005-1021

BID: 13042, 13043

CWE: 399

CISCO-SA: cisco-sa-20050406-ssh

CISCO-BUG-ID: CSCed65285, CSCed65778