Cisco Bug: CSCvg56762 - Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability

Last Modified

Sep 08, 2020

Products (1)

  • Cisco Catalyst 3650 Series Switches

Known Affected Releases

  • 15.2(3)E
  • 15.2(3)E5

Description (partial)

Symptom:
A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-tsec

Conditions:
For information on fixed versions of software consult the Cisco IOS Software checker:

    https://tools.cisco.com/security/center/softwarechecker.x 

See Vulnerable Products Section of the advisory for full details:

    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-tsec#vp

Related Community Discussions

CSCvg56762 - Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability
Good morning, the advisory informs: "At the time of publication, this vulnerability affected Cisco routers running a vulnerable release of Cisco IOS or IOS XE Software with the RADIUS Change of Authorization feature configured" and also "there's no workaround". How can I check in IOS-XE if this "RADIUS Change of Authorization feature" is really configured or active on the device? Regards, Christian
Latest activity: Jan 09, 2020