Cisco IOS XR OpenSSH Module SSH Login Channel Identifier DoS

Severity: Medium, Nessus Plugin ID: 91192

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of Cisco IOS XR software running on the remote device is affected by a denial of service vulnerability in the OpenSSH module due to improper validation of the channel identifier during an SSH handshake negotiation. An authenticated, remote attacker can exploit this issue, via a crafted SSH packet with an invalid channel identifier, to reset the SSH login process.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCun75294.

See Also

http://www.nessus.org/u?c76c5b5d

Plugin Details

Severity: Medium

ID: 91192

File Name: cisco-CSCun75294-iosxr.nasl

Version: 1.4

Type: combined

Family: CISCO

Published: 5/17/2016

Updated: 4/8/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2015-4193

Vulnerability Information

CPE: cpe:/o:cisco:ios_xr

Required KB Items: Host/Cisco/IOS-XR/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 8/11/2015

Vulnerability Publication Date: 8/11/2015

Reference Information

CVE: CVE-2015-4193

CISCO-BUG-ID: CSCun75294