A vulnerability in the RADIUS client feature of Cisco IOS Software could allow an authenticated, remote malicious user to cause a reload of the affected device. The vulnerability is due to improper parsing of malformed RADIUS packets returned by a RADIUS server. An attacker could exploit this vulnerability by configuring a RADIUS server with a shared RADIUS secret and returning malformed answers back to a RADIUS client on an affected Cisco device. An exploit could allow the malicious user to cause a reload of the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151005-ios-radius
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco ios 15.4\\(3\\)m2.2 |