Cisco Service Control Engine Denial of Service Vulnerabilities
cisco-sa-20080521-sce · High · Published · Updated
Three Secure Shell (SSH) vulnerabilities exist in the Cisco Service Control Engine (SCE) that may result in system instability or a reload of the SCE. The first vulnerability may be triggered during SSH login activity that is conducted within aggressive time frames. The second vulnerability may be triggered with normal SSH login activity in combination with other SCE management actions occurring simultaneously. The third vulnerability may be triggered during SSH login and is specific to the usage of unique invalid authentication credentials. Cisco has made free upgrade software available to address these vulnerabilities for affected customers. There are no workarounds for these vulnerabilities. Note: These vulnerabilities are independent of each other; a device may be affected by one vulnerability and not by the others. This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080521-sce.