CVE-2010-0137

Name of the Vulnerable Software and Affected Versions Cisco IOS XR versions 3.4.1 through 3.7.0

Description The issue allows remote attackers to cause a denial of service by crashing the sshd child handler process in the SSH server and consuming memory via a crafted SSH2 packet. An attacker could trigger this issue by sending a crafted SSH version 2 packet, causing a new SSH connection handler process to crash. Repeated exploitation may lead to significant memory consumption and instability, impacting other system functionality. The parent SSH daemon process continues to function normally during this event.

Recommendations For versions 3.4.1 through 3.7.0, update to a fixed version of Cisco IOS XR Software to address the vulnerability. As a temporary workaround, consider restricting access to the SSH server to minimize the risk of exploitation.