CVE-2024-20309

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A vulnerability in the auxiliary asynchronous port (AUX) functions could allow an authenticated, local attacker to cause an affected device to reload or stop responding. This issue is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this by reverse telnetting to the AUX port and sending specific data after connecting, potentially causing a denial of service (DoS) condition.

Recommendations For all affected versions, update to the latest software version that addresses this vulnerability. As a temporary workaround, consider disabling the flow control hardware on the AUX port until a patch is available. Restrict access to the AUX port to minimize the risk of exploitation. Avoid using reverse telnet to the AUX port until the issue is resolved. Apply the workarounds provided by Cisco to address this vulnerability.