Vulnerability-Lookup

FKIE_CVE-2008-0535

Vulnerability from fkie_nvd - Published: 2008-05-22 13:09 - Updated: 2025-04-09 00:30

Severity ?

Summary

Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via "SSH credentials that attempt to change the authentication method," aka Bug ID CSCsm14239.

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/30316	Vendor Advisory
psirt@cisco.com	http://secunia.com/advisories/30590	Vendor Advisory
psirt@cisco.com	http://securitytracker.com/id?1020074
psirt@cisco.com	http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml	Patch
psirt@cisco.com	http://www.icon-labs.com/news/read.asp?newsID=77
psirt@cisco.com	http://www.kb.cert.org/vuls/id/626979	US Government Resource
psirt@cisco.com	http://www.securityfocus.com/bid/29316
psirt@cisco.com	http://www.securityfocus.com/bid/29609
psirt@cisco.com	http://www.vupen.com/english/advisories/2008/1604/references	Vendor Advisory
psirt@cisco.com	http://www.vupen.com/english/advisories/2008/1774/references	Vendor Advisory
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/42567
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30316	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30590	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1020074
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.icon-labs.com/news/read.asp?newsID=77
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/626979	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29316
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/29609
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1604/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1774/references	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/42567

Impacted products

	Vendor	Product	Version
	cisco	service_control_engine	*
	icon-labs	iconfidant_ssh	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:service_control_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2AA0D7-4859-4DDB-87C9-AC92EEE85BCD",
              "versionEndIncluding": "3.1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icon-labs:iconfidant_ssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1863D250-A98A-48FB-AFD1-8A73FC6F18CF",
              "versionEndIncluding": "2.3.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via \"SSH credentials that attempt to change the authentication method,\" aka Bug ID CSCsm14239."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad no especificada en el servidor SSH en (1) Cisco Service Control Engine (SCE) versiones anteriores a 3.1.6, y (2) Icon Labs Iconfidant SSH versiones anteriores a 2.3.8, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (inestabilidad del dispositivo) por medio de \"SSH credentials that attempt to change the authentication method,\" tambi\u00e9n se conoce como ID de Bug CSCsm14239."
    }
  ],
  "id": "CVE-2008-0535",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-05-22T13:09:00.000",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30316"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30590"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://securitytracker.com/id?1020074"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.icon-labs.com/news/read.asp?newsID=77"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/626979"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/29316"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/29609"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1604/references"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1774/references"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30590"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1020074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.icon-labs.com/news/read.asp?newsID=77"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/626979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/29609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1604/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/1774/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-0535 (GCVE-0-2008-0535)

Vulnerability from cvelistv5 – Published: 2008-05-22 10:00 – Updated: 2024-08-07 07:46

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://secunia.com/advisories/30316	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1774…	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/30590	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/29609	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/626979	third-party-advisoryx_refsource_CERT-VN
	http://www.icon-labs.com/news/read.asp?newsID=77	x_refsource_CONFIRM
	http://www.cisco.com/en/US/products/products_secu…	vendor-advisoryx_refsource_CISCO
	http://securitytracker.com/id?1020074	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/29316	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/1604…	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:55.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30316",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30316"
          },
          {
            "name": "ADV-2008-1774",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1774/references"
          },
          {
            "name": "30590",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30590"
          },
          {
            "name": "29609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29609"
          },
          {
            "name": "VU#626979",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/626979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.icon-labs.com/news/read.asp?newsID=77"
          },
          {
            "name": "20080521 Cisco Service Control Engine Denial of Service Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml"
          },
          {
            "name": "1020074",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1020074"
          },
          {
            "name": "29316",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/29316"
          },
          {
            "name": "cisco-sce-ssh-credentials-dos(42567)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567"
          },
          {
            "name": "ADV-2008-1604",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1604/references"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via \"SSH credentials that attempt to change the authentication method,\" aka Bug ID CSCsm14239."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "30316",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30316"
        },
        {
          "name": "ADV-2008-1774",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1774/references"
        },
        {
          "name": "30590",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30590"
        },
        {
          "name": "29609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29609"
        },
        {
          "name": "VU#626979",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/626979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.icon-labs.com/news/read.asp?newsID=77"
        },
        {
          "name": "20080521 Cisco Service Control Engine Denial of Service Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml"
        },
        {
          "name": "1020074",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1020074"
        },
        {
          "name": "29316",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/29316"
        },
        {
          "name": "cisco-sce-ssh-credentials-dos(42567)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567"
        },
        {
          "name": "ADV-2008-1604",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1604/references"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2008-0535",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (device instability) via \"SSH credentials that attempt to change the authentication method,\" aka Bug ID CSCsm14239."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30316",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30316"
            },
            {
              "name": "ADV-2008-1774",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1774/references"
            },
            {
              "name": "30590",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30590"
            },
            {
              "name": "29609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29609"
            },
            {
              "name": "VU#626979",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/626979"
            },
            {
              "name": "http://www.icon-labs.com/news/read.asp?newsID=77",
              "refsource": "CONFIRM",
              "url": "http://www.icon-labs.com/news/read.asp?newsID=77"
            },
            {
              "name": "20080521 Cisco Service Control Engine Denial of Service Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml"
            },
            {
              "name": "1020074",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1020074"
            },
            {
              "name": "29316",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/29316"
            },
            {
              "name": "cisco-sce-ssh-credentials-dos(42567)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42567"
            },
            {
              "name": "ADV-2008-1604",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1604/references"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2008-0535",
    "datePublished": "2008-05-22T10:00:00",
    "dateReserved": "2008-01-31T00:00:00",
    "dateUpdated": "2024-08-07T07:46:55.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2008-0535

CVE-2008-0535 (GCVE-0-2008-0535)

Tags

Sightings

Nomenclature