CVE-2012-0386
The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.
| Software | From | Fixed in |
|---|---|---|
| cisco / ios | 15.1 | 15.1.x |
| cisco / ios | 15.0 | 15.0.x |
| cisco / ios | 12.4 | 12.4.x |
| cisco / ios | 12.2 | 12.2.x |
| cisco / ios | 15.2 | 15.2.x |
| cisco / ios_xe | 2.5.0 | 2.5.0.x |
| cisco / ios_xe | 2.6.1 | 2.6.1.x |
| cisco / ios_xe | 2.3.1t | 2.3.1t.x |
| cisco / ios_xe | 3.2.0s | 3.2.0s.x |
| cisco / ios_xe | 2.4.2 | 2.4.2.x |
| cisco / ios_xe | 2.4.0 | 2.4.0.x |
| cisco / ios_xe | 2.4.4 | 2.4.4.x |
| cisco / ios_xe | 2.3.0 | 2.3.0.x |
| cisco / ios_xe | 2.5.1 | 2.5.1.x |
| cisco / ios_xe | 2.6.2 | 2.6.2.x |
| cisco / ios_xe | 2.4.1 | 2.4.1.x |
| cisco / ios_xe | 2.3.2 | 2.3.2.x |
| cisco / ios_xe | 2.3 | 2.3.x |
| cisco / ios_xe | 2.6.0 | 2.6.0.x |
| cisco / ios_xe | 3.2.1s | 3.2.1s.x |
| cisco / ios_xe | 3.1.0sg | 3.1.0sg.x |
| cisco / ios_xe | 3.1.2s | 3.1.2s.x |
| cisco / ios_xe | 3.4.0s | 3.4.0s.x |
| cisco / ios_xe | 3.1.1s | 3.1.1s.x |
| cisco / ios_xe | 3.2.2s | 3.2.2s.x |
| cisco / ios_xe | 3.1.0s | 3.1.0s.x |
| cisco / ios_xe | 3.1.4s | 3.1.4s.x |
| cisco / ios_xe | 2.4 | 2.4.x |
| cisco / ios_xe | 3.3.0s | 3.3.0s.x |
| cisco / ios_xe | 2.4.3 | 2.4.3.x |
| cisco / ios_xe | 2.5.2 | 2.5.2.x |
| cisco / ios_xe | 3.1.3s | 3.1.3s.x |
| cisco / ios_xe | 3.1.1sg | 3.1.1sg.x |
| cisco / ios_xe | 2.3.1 | 2.3.1.x |
- http://osvdb.org/80695
- http://secunia.com/advisories/48609
- http://secunia.com/advisories/48641
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-ssh
- http://www.securityfocus.com/bid/52752
- http://www.securitytracker.com/id?1026866
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74404
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime