CVE-2008-0536

Cisco Service Control Engine < 3.1.6 - Authentication Bypass

Title source: rule

Description

Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.

References (11)

[Vendor Advisory] http://secunia.com/advisories/30316

[Vendor Advisory] http://secunia.com/advisories/30590

[Patch] http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml

[Various Sources] http://www.icon-labs.com/news/read.asp?newsID=77

[US Government Resource] http://www.kb.cert.org/vuls/id/626979

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/1604/references

[Vendor Advisory] http://www.vupen.com/english/advisories/2008/1774/references

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42566

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29316

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/29609

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1020074

Scores

EPSS 0.0267

EPSS Percentile 85.6%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

cisco/service_control_engine < 3.1.6

cisco/service_control_engine

icon-labs/iconfidant_ssh < 2.3.7

Timeline

Published May 22, 2008

Tracked Since Feb 18, 2026