CVE-2002-1358: Improper Input Validation in Cisco IOS

Severity: 10.0 CRITICAL (NVD)
EPSS: 4.1% (top 11.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 23; latest update Apr 30

Description

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (8 packages)

NVD: cisco/ios, 8 versions, +7
NVD: putty/putty 0.48, 0.49, 0.53, +2
NVD: winscp/winscp 2.0.0
NVD: fissh/ssh_client 1.0a_for_windows

🔴 Vulnerability Details (2)

GHSA
GHSA-44gh-mpm8-5jhq: Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of s... (2022-04-30)
CVEList
CVE-2002-1358: Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of s... (2002-12-17)

💥 Exploits & PoCs (1)

Exploit-DB
HP-UX 10.x - rs.F3000 Unauthorized Access (2003-02-12)

📋 Vendor Advisories (2)

Cisco
SSH Malformed Packet Vulnerabilities (2002-12-19)
Debian
CVE-2002-1358: openssh - Multiple SSH2 servers and clients do not properly handle lists with empty elemen... (2002)

📐 Framework References (1)

CWE
Failure to Handle Missing Parameter

💬 Community (1)

Bugzilla
A number of tomcat issues (2007-05-09)