CVE-2024-20309

{"id": "CVE-2024-20309", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.1}]}, "published": "2024-03-27T17:15:52.260", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f", "source": "ykramarz@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aux-333WBz8f", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-828"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.\r\n\r This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition."}, {"lang": "es", "value": "Una vulnerabilidad en las funciones del puerto as\u00edncrono auxiliar (AUX) del software Cisco IOS XE podr\u00eda permitir que un atacante local autenticado provoque que un dispositivo afectado se recargue o deje de responder. Esta vulnerabilidad se debe al manejo incorrecto del tr\u00e1fico de entrada espec\u00edfico cuando el hardware de control de flujo est\u00e1 habilitado en el puerto AUX. Un atacante podr\u00eda aprovechar esta vulnerabilidad realizando telnet inverso al puerto AUX y enviando datos espec\u00edficos despu\u00e9s de conectarse. Un exploit exitoso podr\u00eda permitir que el atacante haga que el dispositivo se reinicie o deje de responder, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "lastModified": "2024-11-21T08:52:19.290", "sourceIdentifier": "ykramarz@cisco.com"}