Overview
Multiple versions of Cisco Catalyst switches contain a denial-of-service vulnerability that allows unauthenticated remote users to restart an affected device.
Description
Cisco Catalyst switches in the 6000, 5000, and 4000 series contain a vulnerability in their SSH support component. The vulnerability is triggered by attempting to connect to the SSH service using a protocol other than SSH. The attempt generates a "protocol mismatch" error and causes the switch to restart, resulting in a denial-of-service condition. |
Impact
This vulnerability allows unauthenticated remote users to restart an affected switch, resulting in a denial-of-service condition. |
Solution
In December 2000, Cisco published a Cisco Security Advisory to address this issue. For patch information and a list of affected systems, please see: http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported by Cisco.
This document was written by Jeffrey P. Lanza.
Other Information
| CVE IDs: | CVE-2001-0080 |
| Severity Metric: | 21.00 |
| Date Public: | 2000-12-20 |
| Date First Published: | 2004-03-29 |
| Date Last Updated: | 2004-03-31 14:32 UTC |
| Document Revision: | 18 |