CVE-2024-20309Signal Handler with Functionality that is not Asynchronous-Safe in Cisco IOS XE Software

CWE-828Signal Handler with Functionality that is not Asynchronous-Safe4 documents4 sources
Severity
5.5MEDIUMNVD
CNA5.6
EPSS
0.0%
top 89.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 27

Description

A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software343 versions+342
NVDcisco/ios_xe343 versions+342

🔴Vulnerability Details

2
CVEList
CVE-2024-20309: A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affec2024-03-27
GHSA
GHSA-p2c3-pjg6-q385: A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affec2024-03-27

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Auxiliary Asynchronous Port Denial of Service Vulnerability2024-03-27
CVE-2024-20309 — Cisco IOS XE Software vulnerability | cvebase