OpenSSH vulnerability CVE-2016-10708

2018-04-1122:06:00

support.f5.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.047 Low

EPSS

Percentile

91.7%

JSON

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. (CVE-2016-10708)

Impact

This vulnerability allows a remote attacker to disrupt service.

CPENameOperatorVersion
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)le14.0.1
ARXle6.4.0
Enterprise Managereq3.1.1
BIG-IQ Centralized Managementle7.1.0
BIG-IQ Cloud and Orchestrationeq1.0.0
F5 iWorkflowle2.3.0
LineRatele2.6.2
Traffix SDCle5.1.0

Name	Operator	Version
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)	le	14.0.1
ARX	le	6.4.0
Enterprise Manager	eq	3.1.1
BIG-IQ Centralized Management	le	7.1.0
BIG-IQ Cloud and Orchestration	eq	1.0.0
F5 iWorkflow	le	2.3.0
LineRate	le	2.6.2
Traffix SDC	le	5.1.0