Operating System:

[Cisco]

Published:

08 March 2013

Protect yourself against future threats.

//Service

Early Warning SMS

Receive SMS notifications for the most critical security threats and vulnerabilities.

Read more
Resources > Security Bulletins > ESB-2013.0351 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0351
        Cisco Small Business Switches SSH Packet Processing Denial
                         of Service Vulnerability
                               8 March 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Small Business Switches
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-1154  

Original Bulletin: 
   http://tools.cisco.com/security/center/viewAlert.x?alertId=27502

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Small Business Switches SSH Packet Processing Denial of Service 
Vulnerability
 	
Threat Type:		CWE-399: Resource Management Errors
IntelliShield ID:	27502
Version:		1
First Published:	March 06, 2013 01:23 PM EST
Last Published:		March 06, 2013 01:23 PM EST
Vector:			Network
Authentication:		None
Exploit:		Functional
Port:	 		Not Available
CVE:			CVE-2013-1154
Urgency:	 	Unlikely Use	
Credibility:	 	Confirmed	
Severity:	 	Mild Damage	
CVSS Base:		5.0
CVSS Temporal:		4.1
 
Version Summary:	

Cisco Small Business Switches contain a vulnerability that could allow an 
unauthenticated, remote attacker to cause a denial of service condition on a 
targeted device. Updates are available.
 
 
Description

Cisco Small Business Switches contain a vulnerability that could allow an 
unauthenticated, remote attacker to cause a denial of service (DoS) condition 
to features that rely on SSH or SSL protocols.

The vulnerability is due to the processing flaw in malformed packets in the 
code used by SSH and SSL. An unauthenticated, remote attacker could exploit 
this vulnerability by sending malformed SSH or SSL packets to the device. An 
exploit could allow the attacker to cause a denial of service for the features 
requiring SSH or SSL support.

Cisco has confirmed this vulnerability and released updated software.
 
Warning Indicators

The following Cisco Small Business Series Switches are vulnerable:
Cisco Small Business 200 Series Smart Switch versions 1.2.7.76 and prior
Cisco Small Business 300 Series Managed Switch versions 1.2.7.76 and prior
Cisco Small Business 500 Series Stackable Managed Switch version 1.2.7.76 and 
prior
 
IntelliShield Analysis

To exploit this vulnerability, an attacker must be able to send crafted SSH or 
SSL packets to the targeted device which may require the attacker to have 
access to trusted, internal networks, decreasing the likelihood of a 
successful attack.

The vulnerability does not affect the entire device. Features that need the 
SSL/TLS layer to encrypt data such as SSH, HTTPS, and Secure Sensitive Data 
are affected.

Cisco would like to thank Hisashi Kojima and Masahiro Nakada of Fujitsu 
Laboratories LTD for discovering this vulnerability.
 
Vendor Announcements

Cisco has confirmed this vulnerability in the following Cisco bug ID: 
CSCua30246
 
Impact

An unauthenticated, remote attacker could exploit this vulnerability by 
sending crafted SSH or SSL packets to a vulnerable device. Successful 
exploitation could cause features utilizing the SSL/TLS layer on the vulnerable 
device to become unresponsive, resulting in a DoS condition.
 
Technical Information

The vulnerability is due to the improper processing of malformed SSH or SSL 
packets by the affected software. 

An unauthenticated, remote attacker could exploit this vulnerability by sending 
malformed SSH or SSL packets to the targeted device. Successful exploitation 
could allow the attacker to cause a DoS condition for the features requiring 
SSH or SSL support on a targeted device.
 
Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to 
allow only trusted systems to access the affected systems.

Administrators can help protect affected systems from external attacks by 
using a solid firewall strategy.

Administrators are advised to monitor critical systems.
 
Patches/Software

Cisco customers with active contracts can obtain updates through the 
Software Center at the following link: Cisco. Cisco customers without contracts 
can obtain upgrades by contacting the Cisco Technical Assistance Center at 
1-800-553-2447 or 1-408-526-7209 or via e-mail at tac@cisco.com.
 
Alert History
 
Initial Release

Product Sets
 
The security vulnerability applies to the following combinations of products. 

Primary Products:

Cisco	Cisco Small 		1.1 .0.73, .1.8, .2.0 | 1.2 .0.97, .7.76
	Business 200 Series 
	Smart Switches	
Cisco	Cisco Small 		1.1 .0.73, .1.8, .2.0 | 1.2 .0.97, .7.76
	Business 300 Series 
	Managed Switches	
Cisco	Cisco Small 		1.2 .0.97, .7.76
	Business 500 Series 
	Stackable Managed	

Associated Products:

N/A



Alerts and bulletins on the Cisco Security Intelligence Operations Portal are 
highlighted by analysts in the Cisco Threat Operations Center and represent a 
subset of the comprehensive content that is available through Cisco Security 
IntelliShield Alert Manager Service. This customizable threat and vulnerability 
alert service provides security staff with access to timely, accurate, and 
credible information about threats and vulnerabilities that may affect their 
environment. Cisco is pleased to offer a free trial of the service. To register 
for full access, please visit the IntelliShield trial registration page.

LEGAL DISCLAIMER 

The urgency and severity ratings of this alert are not tailored to individual 
users; users may value alerts differently based upon their network 
configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED 
THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF 
GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR 
FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION 
CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN 
RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED 
ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE 
WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT 
ANY TIME.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUTly7O4yVqjM2NGpAQK7Cw//ZpvOmXvnTT0mSJ8cAL9yMeimf3Vt2id9
Hb3TnDT85GQpbjhKR/FRyj0SeANSloT7wobuwzewaPZD5aUgu17rjCkJF+HMoLEW
74s7mu7SGpKRp/YuCGbEbXOdAbO5i0WbpTWalf44F1qohGiDHo4TCe4XUXAJGZVT
BbMNLPZp2ev2X1sUq0SbJcGaPiiUOjNs0h4CwdbUBN2JAB7W18YUjXPrBdekicKf
Vqm8ZIzEfsFqAgJ5qua8o+Q6WcnasZHio2i2aeZlH4Sr1/ZVML9bR2SQNZVn4HS5
WmQ2cEezZ05LPWjFhTpMGkDCPz8zZGBA7w3AtYNkeL+XB33PHUCEYjuOK88DKo8s
VD1GTXIdI1UjOpMUcbj1UwuKD6xh7GaVtdyRd+7DXICmzEVqOw+j0ipZMpwzf0xA
WuU/6b5XSUzvLepwr/Rg/oC6FwTOkmA05TCZ7ZTOXWEpDlP10z14VB7zOdYbafHR
+qVMWrJDe4+d9zfoDu0/a00RO+h/qcubuaDeusFl47FjFwTTT6sJQu6Dj0smRsj5
85a7aui/OTtDIfKSqjbzHShkYCeOir+Vo1eHIMJbcmPO0utRJdD7oICcVxAd76OX
hGD9Z8xpv1o5ezgtj+gbbjPpUe8z1gLBEwLIvIznBFx6AEptca/1wRzNG+VeQU27
rR1NexKZ+7o=
=gX8Q
-----END PGP SIGNATURE-----