Cisco Small Business Switches SSH/SSL Packets Processing

by Carol~ Moderator - 3/7/13 8:30 AM

In Reply to: VULNERABILITIES / FIXES - March 07, 2013 by Carol~ Moderator

Cisco Small Business Switches SSH/SSL Packets Processing Denial of Service Vulnerability

Release Date: 2013-03-07

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System :
Cisco Small Business Managed Switches 300 Series
Cisco Small Business Smart Switches 200 Series
Cisco Small Business Stackable Managed 500 Series

Description:
A vulnerability has been reported in Cisco Small Business Switches, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when processing SSH or SSL packets. This can be exploited to cause a SSL/TLS protocol layer to fail and render some service unusable by sending specially crafted SSH or SSL packets.

Please see the vendor's advisory for a list of affected versions.

Solution:
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits Hisashi Kojima and Masahiro Nakada, Fujitsu Laboratories LTD.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/viewAlert.x?alertId=27502

http://secunia.com/advisories/52476/