CVE-2024-20309
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/03/2024
Last modified:
30/07/2025
Description
A vulnerability in auxiliary asynchronous port (AUX) functions of Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload or stop responding.

This vulnerability is due to the incorrect handling of specific ingress traffic when flow control hardware is enabled on the AUX port. An attacker could exploit this vulnerability by reverse telnetting to the AUX port and sending specific data after connecting. A successful exploit could allow the attacker to cause the device to reset or stop responding, resulting in a denial of service (DoS) condition.
Impact
Base Score 3.x
5.60
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:ios_xe:3.2.0se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.2.1se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.2.2se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.2.3se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.0se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.0sq:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.1se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.1sq:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.2se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.3se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.4se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.3.5se:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.4.0sq:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.4.1sq:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ios_xe:3.5.0sq:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page



