SSH.CRC32.Compensation.Attack
Description
It indicates an overflow vulnerability in a Secure Shell (SSH) implementation.
SSH is used to remotely connect systems over encrypted TCP sessions. Due to a flaw in the CRC32 compensation attack detection, an attacker can execute arbitrary commands on a target by sending a specially-crafted packet to the SSH daemon.
Affected Products
The following systems are vulnerable to the attack:
OpenSSH prior to version 2.2.
SSH Secure Communications prior to 1.2.31
Cisco IOS 12.1, 12.2
Impact
Attackers gain root privileges on the victim system and can execute arbitrary commands.
Recommended Actions
Upgrade the system to the latest non-vulnerable version.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |