Vulnerability Details : CVE-2008-0536
Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
Vulnerability category: BypassGain privilegeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-0536
Probability of exploitation activity in the next 30 days: 2.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-0536
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2008-0536
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0536
- http://www.icon-labs.com/news/read.asp?newsID=77
- http://www.cisco.com/en/US/products/products_security_advisory09186a008099bf65.shtml
-
http://www.vupen.com/english/advisories/2008/1604/references
Vendor Advisory
- http://www.securityfocus.com/bid/29609
-
http://www.kb.cert.org/vuls/id/626979
US Government Resource
-
http://www.vupen.com/english/advisories/2008/1774/references
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/42566
- http://securitytracker.com/id?1020074
- http://www.securityfocus.com/bid/29316
Products affected by CVE-2008-0536
- cpe:2.3:a:cisco:service_control_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:service_control_engine:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:icon-labs:iconfidant_ssh:*:*:*:*:*:*:*:*