Description
Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.
Product(s):
- Cisco IOS 12.0S
- Cisco IOS 12.0SX
- Cisco IOS 12.1AX
- Cisco IOS 12.1AZ
- Cisco IOS 12.1DB
- Cisco IOS 12.1DC
- Cisco IOS 12.1E
- Cisco IOS 12.1EA
- Cisco IOS 12.1EB
- Cisco IOS 12.1EC
- Cisco IOS 12.1EU
- Cisco IOS 12.1EW
- Cisco IOS 12.1EX
- Cisco IOS 12.1T
- Cisco IOS 12.1XD
- Cisco IOS 12.1XE
- Cisco IOS 12.1XF
- Cisco IOS 12.1XG
- Cisco IOS 12.1XH
- Cisco IOS 12.1XI
- Cisco IOS 12.1XL
- Cisco IOS 12.1XM
- Cisco IOS 12.1XP
- Cisco IOS 12.1XQ
- Cisco IOS 12.1XR
- Cisco IOS 12.1XT
- Cisco IOS 12.1XU
- Cisco IOS 12.1XV
- Cisco IOS 12.1YA
- Cisco IOS 12.1YB
- Cisco IOS 12.1YC
- Cisco IOS 12.1YD
- Cisco IOS 12.1YE
- Cisco IOS 12.1YF
- Cisco IOS 12.1YH
- Cisco IOS 12.1YI
- Cisco IOS 12.2
- Cisco IOS 12.2B
- Cisco IOS 12.2DD
- Cisco IOS 12.2DX
- Cisco IOS 12.2EU
- Cisco IOS 12.2EW
- Cisco IOS 12.2EWA
- Cisco IOS 12.2EX
- Cisco IOS 12.2S
- Cisco IOS 12.2SE
- Cisco IOS 12.2 SEA
- Cisco IOS 12.2SEB
- Cisco IOS 12.2SU
- Cisco IOS 12.2SV
- Cisco IOS 12.2SX
- Cisco IOS 12.2SXA
- Cisco IOS 12.2SXB
- Cisco IOS 12.2SXD
- Cisco IOS 12.2SY
- Cisco IOS 12.2SZ
- Cisco IOS 12.2T
- Cisco IOS 12.2XA
- Cisco IOS 12.2XC
- Cisco IOS 12.2XF
- Cisco IOS 12.2XN
- Cisco IOS 12.2XS
- Cisco IOS 12.2YE
- Cisco IOS 12.2YK
- Cisco IOS 12.2YO
- Cisco IOS 12.2YX
- Cisco IOS 12.2YZ
- Cisco IOS 12.2ZA
- Cisco IOS 12.3T
- Cisco IOS 12.3XD
- Cisco IOS 12.3XE
- Cisco IOS 12.3XF
- Cisco IOS 12.3XG
- Cisco IOS 12.3XH
- Cisco IOS 12.3XI
- Cisco IOS 12.3XJ
- Cisco IOS 12.3XK
- Cisco IOS 12.3XL
- Cisco IOS 12.3XM
- Cisco IOS 12.3XQ
- Cisco IOS 12.3XR
- Cisco IOS 12.3XS
- Cisco IOS 12.3XU
- Cisco IOS 12.3XW
- Cisco IOS 12.3XX
- Cisco IOS 12.3XY
- Cisco IOS 12.3YA
- Cisco IOS 12.3YD
- Cisco IOS 12.3YF
- Cisco IOS 12.3YG
- Cisco IOS 12.3YH
- Cisco IOS 12.3YJ
- Cisco IOS 12.3YK
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-1021, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-1021 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.