Details of VAR-201001-0192

ID

VAR-201001-0192

CVE

CVE-2010-0137

TITLE

Cisco IOS XR SSH Protocol Implementation Remote Denial of Service Vulnerability

Trust: 0.9

sources: CNNVD: CNNVD-201001-219 // BID: 37878

DESCRIPTION

Unspecified vulnerability in the sshd_child_handler process in the SSH server in Cisco IOS XR 3.4.1 through 3.7.0 allows remote attackers to cause a denial of service (process crash and memory consumption) via a crafted SSH2 packet, aka Bug ID CSCsu10574. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCsu10574. CVE ID : CVE-2010-0137 Cisco IOS XR Software Is the US Cisco ( Cisco )the company's IOS Software series (including IOS T , IOS S with IOS XR ) Is a completely modular and distributed network operating system. During this event, a large amount of memory will be exhausted, and repeated attacks may affect other system functions, depending on the amount of available memory and the duration of the attack. Although user authentication is not required to exploit this vulnerability, it must be completed TCP Triple handshake, and there must be some SSH Agreement negotiation. SSH The service can continue to operate normally after the attack

Trust: 1.98

sources: NVD: CVE-2010-0137 // JVNDB: JVNDB-2010-003772 // BID: 37878 // VULHUB: VH-CVE-2010-0137

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.2	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.2	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.1	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.3	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.3	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.1	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.5.4	Trust: 1.9
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7.0	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.4.1 to 3.7.0	Trust: 0.8
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.8.1	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.7	Trust: 0.3
vendor:	cisco	model:	ios xr	scope:	eq	version:	3.6	Trust: 0.3

sources: NVD: CVE-2010-0137 // CNNVD: CNNVD-201001-219 // JVNDB: JVNDB-2010-003772 // BID: 37878

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2010-0137
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201001-219
value:	HIGH
Trust: 0.6
VUL-HUB:	VH-CVE-2010-0137
value:	HIGH RISK
Trust: 0.1

NVD:	CVE-2010-0137
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8
VULHUB:	VH-CVE-2010-0137
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: NVD: CVE-2010-0137 // CNNVD: CNNVD-201001-219 // JVNDB: JVNDB-2010-003772 // VULHUB: VH-CVE-2010-0137

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2010-0137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201001-219

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201001-219

CONFIGURATIONS

sources: NVD: CVE-2010-0137

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-2010-0137

PATCH

title:

cisco-sa-20100120-xr-ssh

url:

http://www.cisco.com/en/us/products/csa/cisco-sa-20100120-xr-ssh.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-003772

EXTERNAL IDS

db:	NVD	id:	CVE-2010-0137	Trust: 2.8
db:	BID	id:	37878	Trust: 1.9
db:	VUPEN	id:	ADV-2010-0183	Trust: 1.6
db:	SECUNIA	id:	38227	Trust: 1.6
db:	JVNDB	id:	JVNDB-2010-003772	Trust: 0.8
db:	CNNVD	id:	CNNVD-201001-219	Trust: 0.7
db:	XF	id:	55767	Trust: 0.6
db:	SECTRACK	id:	1023480	Trust: 0.6
db:	NSFOCUS	id:	14381	Trust: 0.6
db:	CISCO	id:	20100120 CISCO IOS XR SOFTWARE SSH DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VH-CVE-2010-0137	Trust: 0.1

sources: NVD: CVE-2010-0137 // CNNVD: CNNVD-201001-219 // JVNDB: JVNDB-2010-003772 // BID: 37878 // VULHUB: VH-CVE-2010-0137

REFERENCES

url:	http://secunia.com/advisories/38227	Trust: 1.6
url:	http://securitytracker.com/id?1023480	Trust: 1.6
url:	http://www.securityfocus.com/bid/37878	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2010/0183	Trust: 1.6
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a0080b13512.shtml	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/55767	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0137	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0137	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/55767	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/14381	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/warp/public/707/cisco-sa-20100120-xr-ssh.shtml	Trust: 0.3

sources: NVD: CVE-2010-0137 // CNNVD: CNNVD-201001-219 // JVNDB: JVNDB-2010-003772 // BID: 37878

CREDITS

Cisco Security bulletin

Trust: 0.6

sources: CNNVD: CNNVD-201001-219

SOURCES

db:	NVD	id:	CVE-2010-0137
db:	CNNVD	id:	CNNVD-201001-219
db:	JVNDB	id:	JVNDB-2010-003772
db:	BID	id:	37878
db:	VULHUB	id:	VH-CVE-2010-0137

LAST UPDATE DATE

2021-12-18T05:44:03.709000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2010-0137	date:	2017-08-17T01:31:00
db:	CNNVD	id:	CNNVD-201001-219	date:	2010-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2010-003772	date:	2012-06-26T00:00:00
db:	BID	id:	37878	date:	2010-01-20T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0137	date:	2017-08-17T00:00:00

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2010-0137	date:	2010-01-21T22:30:00
db:	CNNVD	id:	CNNVD-201001-219	date:	2010-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2010-003772	date:	2012-06-26T00:00:00
db:	BID	id:	37878	date:	2010-01-20T00:00:00
db:	VULHUB	id:	VH-CVE-2010-0137	date:	2010-01-21T00:00:00