Vulnerability Note VU#290140
Multiple Cisco products consume excessive CPU resources in response to large SSH packets
Multiple Cisco networking products contain a denial-of-service vulnerability.
Multiple Cisco networking products contain a vulnerability that allows large SSH packets to cause excessive consumption of CPU resources. In some circumstances, this resource consumption may cause the affected device to reboot.
This vulnerability is a side effect of a Cisco patch for VU#13877, an SSH packet injection vulnerability. Please note that this patch does not contain the integer overflow vulnerability described in VU#945216. However, according to Cisco's Security Advisory, this denial-of-service vulnerability may be triggered by attempts to exploit VU#945216.
Remote attackers may conduct denial-of-service attacks against affected devices.
Apply a patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems Inc.||Affected||27 Jun 2002||28 Jun 2002|
CVSS Metrics (Learn More)
- VU#13877, VU#945216
This document was written by Jeffrey P. Lanza and is based on information provided by Cisco.
- CVE IDs: CAN-2002-1024
- Date Public: 27 Jun 2002
- Date First Published: 27 Jun 2002
- Date Last Updated: 12 Dec 2002
- Severity Metric: 21.09
- Document Revision: 9
If you have feedback, comments, or additional information about this vulnerability, please send us email.