Cisco IOS Reverse SSH Login Denial of Service
Cisco IOS Reverse SSH Login Denial of Service Vulnerability
Release Date : 2012-03-29
Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch
Operating System: Cisco IOS 12.x
Cisco IOS 15.0
Cisco IOS 15.1
Cisco IOS 15.2
Cisco IOS XE 3.4.x
A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the SSHv2 functionality when handling the username during the authentication process and can be exploited to cause a device to restart.
Successful exploitation requires a IOS device to have an established reverse SSH connection.
Please see the vendor's advisory for a list of affected versions.
Update to a fixed version (please see the vendor's advisory for details).
Provided and/or discovered by:
Reported by the vendor.