Cisco IOS 15.5(3)m Denial Of Service Vulnerability
22 Jul. 2016
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
A vulnerability in the handling of Secure Shell (SSH) TCP packets in the Cisco Integrated Services Routers (ISR) models 800, 819, and 829, could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to low memory on the device.
The vulnerability is due to the handling of out-of-order, or otherwise invalid, TCP packets on an SSH connection to the device. An attacker could exploit this vulnerability by connecting via SSH to the device and then crafting TCP packets which are out of order or have invalid flags. An exploit could allow the attacker to cause the device to report low-memory warnings which could in turn cause a partial DoS condition.
Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.