• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability

Severity: HIGH

Description:

Cisco Catalysts are a line of high speed switches typically implemented in local area networks.

Software versions 6.1(1), 6.1(1a) and 6.1(1b) for Catalyst 4000, 5000, and 6000 devices that support SSH and 3 DES encryption contain a vulnerability that may allow an attacker to cause a denial of service.

If a connection is made to the SSH service on a vulnerable Catalyst device and the protocol mismatch error occurs, the device will be reset. This is due to the supervisor engine failing, not being able to handle the error. The result is that the device is reset and will not pass traffic, causing a denial of service to any networks relying on the Catalyst.

The images that contain this vulnerability are:

cat4000-k9.6-1-1.bin
cat5000-sup3cvk9.6-1-1a.bin
cat5000-sup3k9.6-1-1.bin
cat5000-supgk9.6-1-1.bin
cat6000-sup2cvk9.6-1-1b.bin
cat6000-sup2k9.6-1-1b.bin
cat6000-supcvk9.6-1-1b.bin
cat6000-supk9.6-1-1b.bin

The SSH service is disabled by default and must be manually enabled by an administrator. This bug is exploitable only in vulnerable systems where the SSH service is enabled.

Additionally, it should be noted that the distribution of these particular software versions was limited.

Affected Products:

• Cisco Catalyst 4000 6.1.0(1)
• Cisco Catalyst 4000 6.1.0(1a)
• Cisco Catalyst 4000 6.1.0(1b)
• Cisco Catalyst 5000 6.1.0(1)
• Cisco Catalyst 5000 6.1.0(1a)
• Cisco Catalyst 5000 6.1.0(1b)
• Cisco Catalyst 6000 6.1.0(1)
• Cisco Catalyst 6000 6.1.0(1a)
• Cisco Catalyst 6000 6.1.0(1b)

References:

• Cisco: Cisco Security Advisory: Cisco Catalyst SSH Protocol Mismatch Vulnerability
• Cisco Systems: Cisco Product Security Incident Response

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.