CVE-2017-5544 Information

Description

An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device’s SSH service using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs legitimate login attempts via SSH/telnet will be refused resulting in a denial of service; you must restart the device.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.nfcwar.com http://www.securityfocus.com/bid/95708

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.9