Cisco Stackable Managed Switch SSH Subsystem Message memory corruption


A vulnerability was found in Cisco Stackable Managed Switch (the affected version is unknown). It has been declared as problematic. This vulnerability affects an unknown functionality of the component SSH Subsystem. It is possible to mitigate the problem by applying the configuration setting. Proper firewalling of tcp/22 (ssh) is able to address this issue. The best possible mitigation is to change the configuration settings.

| Field | 09/21/2017 09:39 PM | 11/18/2019 03:19 PM | 01/13/2021 06:17 PM |
| --- | --- | --- | --- |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | L | L | L |
| cvss3_nvd_av | N | N | N |
| cvss3_nvd_ac | L | L | L |
| cvss3_nvd_pr | N | N | N |
| cvss3_nvd_ui | N | N | N |
| cvss3_nvd_s | U | U | U |
| cvss3_nvd_c | N | N | N |
| cvss3_nvd_i | N | N | N |
| cvss3_nvd_a | H | H | H |
| date | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) | 1505952000 (09/21/2017) |
| location | Website | Website | Website |
| type | Advisory | Advisory | Advisory |
| url | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms |
| identifier | cisco-sa-20170920-sbms | cisco-sa-20170920-sbms | cisco-sa-20170920-sbms |
| price_0day | $0-$5k | $0-$5k | $5k-$25k |
| name | Config | Config | Config |
| firewalling_port | tcp/22 (ssh) | tcp/22 (ssh) | tcp/22 (ssh) |
| cve | CVE-2017-6720 | CVE-2017-6720 | CVE-2017-6720 |
| cve_assigned | 1489017600 | 1489017600 | 1489017600 |
| cve_nvd_published | 1505952000 | 1505952000 | 1505952000 |
| cve_nvd_summary | A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. | A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. | A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Business Managed Switches software could allow an authenticated, remote attacker to cause a reload of the affected switch, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SSH connections. An attacker could exploit this vulnerability by logging in to an affected switch via SSH and sending a malicious SSH message. This vulnerability affects the following Cisco products when SSH is enabled: Small Business 300 Series Managed Switches, Small Business 500 Series Stackable Managed Switches, 350 Series Managed Switches, 350X Series Stackable Managed Switches, 550X Series Stackable Managed Switches, ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvb48377. |
| securityfocus | 100933 | 100933 | 100933 |
| securityfocus_title | Multiple Cisco Products CVE-2017-6720 Denial of Service Vulnerability | Multiple Cisco Products CVE-2017-6720 Denial of Service Vulnerability | Multiple Cisco Products CVE-2017-6720 Denial of Service Vulnerability |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | W | W | W |
| cvss2_vuldb_rc | C | C | C |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | W | W | W |
| cvss3_vuldb_rc | C | C | C |
| 0day_days | 1 | 1 | 1 |
| cvss3_nvd_basescore | 7.5 | 7.5 | 7.5 |
| vendor | Cisco | Cisco | Cisco |
| name | Stackable Managed Switch | Stackable Managed Switch | Stackable Managed Switch |
| component | SSH Subsystem | SSH Subsystem | SSH Subsystem |
| input_type | Message | Message | Message |
| cwe | 119 (memory corruption) | 119 (memory corruption) | 119 (memory corruption) |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 3.5 | 3.5 | 3.5 |
| cvss2_vuldb_tempscore | 3.3 | 3.3 | 3.3 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | P | P | P |
| cvss2_nvd_av | N | N | N |
| cvss2_nvd_ac | L | L | L |
| cvss2_nvd_au | N | N | N |
| cvss2_nvd_ci | N | N | N |
| cvss2_nvd_ii | N | N | N |
| cvss2_nvd_ai | P | P | P |
| cvss3_meta_basescore | 5.9 | 5.9 | 5.9 |
| cvss3_meta_tempscore | 5.7 | 5.7 | 5.7 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_vuldb_tempscore | 4.2 | 4.2 | 4.2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| confirm_url | | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms |
| securityfocus_date | | 1505865600 (09/20/2017) | 1505865600 (09/20/2017) |
| securityfocus_class | | Design Error | Design Error |
| discoverydate | | 1505865600 | 1505865600 |
| person_name | | | Alessandro Celestra |
| cvss2_nvd_basescore | | | 5.0 |
