CVE-2012-0386

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.1, and 15.2 Cisco IOS XE versions 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S

Description The Secure Shell (SSH) server implementation in Cisco IOS Software and Cisco IOS XE Software contains a denial of service (DoS) vulnerability in the SSH version 2 (SSHv2) feature. An unauthenticated, remote attacker could exploit this vulnerability by attempting a reverse SSH login with a crafted username. Successful exploitation of this vulnerability could allow an attacker to create a DoS condition by causing the device to reload. Repeated exploits could create a sustained DoS condition.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.1, and 15.2, update to a version that includes the fix for this vulnerability. For Cisco IOS XE versions 2.3.x through 2.6.x and 3.1.xS through 3.4.xS, update to version 3.4.2S or later. As a temporary workaround, consider disabling the SSHv2 service until a patch is available. Restrict access to the SSH server to minimize the risk of exploitation. Avoid using crafted usernames in reverse SSH login attempts until the issue is resolved.