Cisco IOS/ios xe SSHv2 body verification Bypass Vulnerability (CVE-2015-6280)
Cisco IOS/ios xe SSHv2 body verification Bypass Vulnerability (CVE-2015-6280)
Release date:
Updated on:
Affected Systems:
Cisco IOS
Cisco IOS XE
Description:
CVE (CAN) ID: CVE-2015-6280
Cisco IOS is an interconnected network operating system used on most Cisco system routers and network switches.
Cisco IOS and ios xe Software have a security vulnerability in SSHv2. unauthenticated remote attackers can exploit this vulnerability to bypass user authentication.
<* Source: Cisco
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20150923-sshpk) and patches for this:
Cisco-sa-20150923-sshpk: Cisco IOS and ios xe Software SSH Version 2 RSA-Based User Authentication Bypass Vulnerability
Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
This article permanently updates the link address: