Cisco Systems Inc. Information for VU#13877
Weak CRC allows packet injection into SSH sessions encrypted with block ciphers
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Cisco has published an advisory regarding this issue; for more information, please visit
Please note that this vulnerability is seperate from the issue described in VU#945216
(SSH CRC32 attack detection code contains remote integer overflow). This vulnerability exists in a patch produced by CORE-SDI to address VU#13877
If you have feedback, comments, or additional information about this vulnerability, please send us email.