====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN271
_____________________________________________________________________

DATE                : 21/09/2017

HARDWARE PLATFORM(S): Cisco Small Business 300 Series Managed Switches,
             Cisco Small Business 500 Series Stackable Managed Switches,
                      Cisco 350 Series Managed Switches,
                      Cisco 350X Series Stackable Managed Switches,
                      Cisco 550X Series Stackable Managed Switches,
                      Cisco ESW2 Series Advanced Switches.

OPERATING SYSTEM(S): Cisco Small Business Managed Switches software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms
____________________________________________________________________

Cisco Security Advisory: Cisco Small Business Managed Switches Denial of
Service Vulnerability

Advisory ID: cisco-sa-20170920-sbms

Revision: 1.0

For Public Release: 2017 September 20 16:00 GMT

Last Updated: 2017 September 20 16:00 GMT

CVE ID(s): CVE-2017-6720

CVSS Score v(3): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small
Business Managed Switches software could allow an authenticated, remote
attacker to cause a reload of the affected switch, resulting in a
denial of service (DoS) condition.

The vulnerability is due to improper processing of SSH connections. An
attacker could exploit this vulnerability by logging in to an affected
switch via SSH and sending a malicious SSH message.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-sbms"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================