Cisco Unified Computing System Remote Denial of Service Vulnerability

2012-08-10T20:46:50
ID CISCO-SA-20120810-CVE-2012-1339
Type cisco
Reporter Cisco
Modified 2015-01-31T16:00:00

Description

Cisco Unified Computing System contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to the improper handling of user-supplied SSH requests by affected software. An unauthenticated, remote attacker can exploit this vulnerability by transmitting a crafted SSH request to the software. Successful exploitation could allow an attacker to cause the abnormal termination of the application, resulting in a DoS condition.

Cisco has confirmed this vulnerability and released software updates.

To successfully exploit this vulnerability, an attacker would need access to an internal, private network to submit crafted SSH requests. This access requirement decreases the likelihood of a successful exploit.