The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios | Cisco | 15.2(1)sy (including) | 15.2(1)sy (including) |
| Ios | Cisco | 15.2(1)sy0a (including) | 15.2(1)sy0a (including) |
| Ios | Cisco | 15.2(2)e (including) | 15.2(2)e (including) |
| Ios | Cisco | 15.2(2)e1 (including) | 15.2(2)e1 (including) |
| Ios | Cisco | 15.2(2)e2 (including) | 15.2(2)e2 (including) |
| Ios | Cisco | 15.2(2)ea1 (including) | 15.2(2)ea1 (including) |
| Ios | Cisco | 15.2(2a)e1 (including) | 15.2(2a)e1 (including) |
| Ios | Cisco | 15.2(2a)e2 (including) | 15.2(2a)e2 (including) |
| Ios | Cisco | 15.2(3)e (including) | 15.2(3)e (including) |
| Ios | Cisco | 15.2(3)ea (including) | 15.2(3)ea (including) |
| Ios | Cisco | 15.2(3a)e (including) | 15.2(3a)e (including) |
| Ios | Cisco | 15.3(3)m1 (including) | 15.3(3)m1 (including) |
| Ios | Cisco | 15.3(3)m2 (including) | 15.3(3)m2 (including) |
| Ios | Cisco | 15.3(3)m3 (including) | 15.3(3)m3 (including) |
| Ios | Cisco | 15.3(3)m4 (including) | 15.3(3)m4 (including) |
| Ios | Cisco | 15.3(3)m5 (including) | 15.3(3)m5 (including) |
| Ios | Cisco | 15.3(3)s (including) | 15.3(3)s (including) |
| Ios | Cisco | 15.3(3)s1 (including) | 15.3(3)s1 (including) |
| Ios | Cisco | 15.3(3)s1a (including) | 15.3(3)s1a (including) |
| Ios | Cisco | 15.3(3)s2 (including) | 15.3(3)s2 (including) |
| Ios | Cisco | 15.3(3)s3 (including) | 15.3(3)s3 (including) |
| Ios | Cisco | 15.3(3)s4 (including) | 15.3(3)s4 (including) |
| Ios | Cisco | 15.3(3)s5 (including) | 15.3(3)s5 (including) |
| Ios | Cisco | 15.4(1)cg (including) | 15.4(1)cg (including) |
| Ios | Cisco | 15.4(1)cg1 (including) | 15.4(1)cg1 (including) |
| Ios | Cisco | 15.4(1)s (including) | 15.4(1)s (including) |
| Ios | Cisco | 15.4(1)s1 (including) | 15.4(1)s1 (including) |
| Ios | Cisco | 15.4(1)s2 (including) | 15.4(1)s2 (including) |
| Ios | Cisco | 15.4(1)s3 (including) | 15.4(1)s3 (including) |
| Ios | Cisco | 15.4(1)t (including) | 15.4(1)t (including) |
| Ios | Cisco | 15.4(1)t1 (including) | 15.4(1)t1 (including) |
| Ios | Cisco | 15.4(1)t2 (including) | 15.4(1)t2 (including) |
| Ios | Cisco | 15.4(1)t3 (including) | 15.4(1)t3 (including) |
| Ios | Cisco | 15.4(2)cg (including) | 15.4(2)cg (including) |
| Ios | Cisco | 15.4(2)s (including) | 15.4(2)s (including) |
| Ios | Cisco | 15.4(2)s1 (including) | 15.4(2)s1 (including) |
| Ios | Cisco | 15.4(2)s2 (including) | 15.4(2)s2 (including) |
| Ios | Cisco | 15.4(2)t (including) | 15.4(2)t (including) |
| Ios | Cisco | 15.4(2)t1 (including) | 15.4(2)t1 (including) |
| Ios | Cisco | 15.4(2)t2 (including) | 15.4(2)t2 (including) |
| Ios | Cisco | 15.4(3)m (including) | 15.4(3)m (including) |
| Ios | Cisco | 15.4(3)m1 (including) | 15.4(3)m1 (including) |
| Ios | Cisco | 15.4(3)m2 (including) | 15.4(3)m2 (including) |
| Ios | Cisco | 15.4(3)s (including) | 15.4(3)s (including) |
| Ios | Cisco | 15.4(3)s1 (including) | 15.4(3)s1 (including) |
| Ios | Cisco | 15.4(3)s2 (including) | 15.4(3)s2 (including) |
| Ios | Cisco | 15.5(1)s (including) | 15.5(1)s (including) |
| Ios | Cisco | 15.5(1)t (including) | 15.5(1)t (including) |
| Ios_xe | Cisco | 3.6e.0 (including) | 3.6e.0 (including) |
| Ios_xe | Cisco | 3.6e.0a (including) | 3.6e.0a (including) |
| Ios_xe | Cisco | 3.6e.0b (including) | 3.6e.0b (including) |
| Ios_xe | Cisco | 3.6e.1 (including) | 3.6e.1 (including) |
| Ios_xe | Cisco | 3.6e.2 (including) | 3.6e.2 (including) |
| Ios_xe | Cisco | 3.6e.2a (including) | 3.6e.2a (including) |
| Ios_xe | Cisco | 3.7e.0 (including) | 3.7e.0 (including) |
| Ios_xe | Cisco | 3.10s.0 (including) | 3.10s.0 (including) |
| Ios_xe | Cisco | 3.10s.0a (including) | 3.10s.0a (including) |
| Ios_xe | Cisco | 3.10s.01 (including) | 3.10s.01 (including) |
| Ios_xe | Cisco | 3.10s.1 (including) | 3.10s.1 (including) |
| Ios_xe | Cisco | 3.10s.2 (including) | 3.10s.2 (including) |
| Ios_xe | Cisco | 3.10s.3 (including) | 3.10s.3 (including) |
| Ios_xe | Cisco | 3.10s.4 (including) | 3.10s.4 (including) |
| Ios_xe | Cisco | 3.10s.5 (including) | 3.10s.5 (including) |
| Ios_xe | Cisco | 3.11s.0 (including) | 3.11s.0 (including) |
| Ios_xe | Cisco | 3.11s.1 (including) | 3.11s.1 (including) |
| Ios_xe | Cisco | 3.11s.2 (including) | 3.11s.2 (including) |
| Ios_xe | Cisco | 3.11s.3 (including) | 3.11s.3 (including) |
| Ios_xe | Cisco | 3.12s.0 (including) | 3.12s.0 (including) |
| Ios_xe | Cisco | 3.12s.1 (including) | 3.12s.1 (including) |
| Ios_xe | Cisco | 3.12s.2 (including) | 3.12s.2 (including) |
| Ios_xe | Cisco | 3.13s.0 (including) | 3.13s.0 (including) |
| Ios_xe | Cisco | 3.13s.1 (including) | 3.13s.1 (including) |
| Ios_xe | Cisco | 3.13s.2 (including) | 3.13s.2 (including) |
| Ios_xe | Cisco | 3.14s.0 (including) | 3.14s.0 (including) |