16.11.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

nessus

NVD

Published: 2019-09-25

Updated: 2020-10-08

Summary

A vulnerability in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec, a feature within Cisco IOS XE Software, could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of a malformed packet. An attacker could exploit this vulnerability by sending a malformed packet to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco IOS 15.2\(3\)E Cisco IOS 15.2\(3\)E5 Cisco IOS 16.11.1	3
Hardware	Cisco Cisco Catalyst 3560 - Cisco Catalyst 3560 E - Cisco Catalyst 3560 X -	3

Nessus

NASL family	CISCO
NASL id	CISCO-SA-20190925-TSEC-IOSXE.NASL
description	A denial of service (DoS) vulnerability exists in the RADIUS Change of Authorization (CoA) code of Cisco TrustSec within Cisco IOS XE software due to improper handling of malformed packet. An unauthenticated, remote attacker can exploit this issue, via sending a malformed packet to an affected device, to cause the DoS condition on an affected device. Please see the included Cisco BIDs and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-05-09
modified	2019-10-15
plugin id	129943
published	2019-10-15
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/129943
title	Cisco IOS XE Software Change of Authorization DoS (cisco-sa-20190925-tsec)

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-tsec