Boletines de Vulnerabilidades

Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability

Información sobre el sistema
   
Software afectado Cisco

Descripción
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IOS%20XE%20Software%20Auxiliary%20Asynchronous%20Port%20Denial%20of%20Service%20Vulnerability&vs_k=1

Identificadores estándar
Propiedad Valor
CVE CVE-2024-20309.

Histórico de versiones
Versión Comentario Fecha

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT