Overview
Multiple versions of Cisco Catalyst switches contain a denial-of-service vulnerability that allows unauthenticated remote users to restart an affected device.
Description
Cisco Catalyst switches in the 6000, 5000, and 4000 series contain a vulnerability in their SSH support component. The vulnerability is triggered by attempting to connect to the SSH service using a protocol other than SSH. The attempt generates a "protocol mismatch" error and causes the switch to restart, resulting in a denial-of-service condition. |
Impact
This vulnerability allows unauthenticated remote users to restart an affected switch, resulting in a denial-of-service condition. |
Solution
In December 2000, Cisco published a Cisco Security Advisory to address this issue. For patch information and a list of affected systems, please see: http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
This vulnerability was reported by Cisco.
This document was written by Jeffrey P. Lanza.
Other Information
CVE IDs: | CVE-2001-0080 |
Severity Metric: | 21.00 |
Date Public: | 2000-12-20 |
Date First Published: | 2004-03-29 |
Date Last Updated: | 2004-03-31 14:32 UTC |
Document Revision: | 18 |