CVE-2008-0536

Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers illegal I/O operations, aka Bug ID CSCsh49563.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/114.html
• https://cwe.mitre.org/data/definitions/115.html
• https://cwe.mitre.org/data/definitions/151.html
• https://cwe.mitre.org/data/definitions/194.html
• https://cwe.mitre.org/data/definitions/22.html
• https://cwe.mitre.org/data/definitions/57.html
• https://cwe.mitre.org/data/definitions/593.html
• https://cwe.mitre.org/data/definitions/633.html
• https://cwe.mitre.org/data/definitions/650.html
• https://cwe.mitre.org/data/definitions/94.html

References

• http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml
• http://www.securityfocus.com/bid/29316
• http://securitytracker.com/id?1020074
• http://secunia.com/advisories/30316
• http://www.icon-labs.com/news/read.asp?newsID=77
• http://www.kb.cert.org/vuls/id/626979
• http://www.securityfocus.com/bid/29609
• http://secunia.com/advisories/30590
• http://www.vupen.com/english/advisories/2008/1774/references
• http://www.vupen.com/english/advisories/2008/1604/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42566