CVE-2008-0536 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2008-0536?

CVE-2008-0536 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-0536?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Service Control Engine, Icon-Labs Iconfidant Ssh.

Vulnerability Description

Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.

CVSS Score

7.8

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Service Control Engine	<= 3.1.6
Icon-Labs	Iconfidant Ssh	<= 2.3.7

Related Weaknesses (CWE)

CWE-287

References

http://secunia.com/advisories/30316Vendor Advisory
http://secunia.com/advisories/30590Vendor Advisory
http://securitytracker.com/id?1020074
http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.sPatch
http://www.icon-labs.com/news/read.asp?newsID=77
http://www.kb.cert.org/vuls/id/626979US Government Resource
http://www.securityfocus.com/bid/29316
http://www.securityfocus.com/bid/29609
http://www.vupen.com/english/advisories/2008/1604/referencesVendor Advisory
http://www.vupen.com/english/advisories/2008/1774/referencesVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42566
http://secunia.com/advisories/30316Vendor Advisory
http://secunia.com/advisories/30590Vendor Advisory
http://securitytracker.com/id?1020074
http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.sPatch

FAQ

What is CVE-2008-0536?

CVE-2008-0536 is a vulnerability with a CVSS score of 7.8 (HIGH). Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers ...

How severe is CVE-2008-0536?

CVE-2008-0536 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-0536?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Service Control Engine, Icon-Labs Iconfidant Ssh.