Overview
Multiple Cisco networking products contain a denial-of-service vulnerability.
Description
Multiple Cisco networking products contain a vulnerability that allows large SSH packets to cause excessive consumption of CPU resources. In some circumstances, this resource consumption may cause the affected device to reboot. This vulnerability is a side effect of a Cisco patch for VU#13877, an SSH packet injection vulnerability. Please note that this patch does not contain the integer overflow vulnerability described in VU#945216. However, according to Cisco's Security Advisory, this denial-of-service vulnerability may be triggered by attempts to exploit VU#945216. |
Impact
Remote attackers may conduct denial-of-service attacks against affected devices. |
Solution
Apply a patch |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This document was written by Jeffrey P. Lanza and is based on information provided by Cisco.
Other Information
| CVE IDs: | CVE-2002-1024 |
| Severity Metric: | 21.09 |
| Date Public: | 2002-06-27 |
| Date First Published: | 2002-06-27 |
| Date Last Updated: | 2002-12-12 23:25 UTC |
| Document Revision: | 9 |