Cisco IOS XE Software TrustSec Protected Access Credential Provisioning Denial of Service Vulnerability
Description
A vulnerability in Cisco IOS XE TrustSec PAC provisioning allows unauthenticated remote attackers to cause a denial of service via a crafted RADIUS message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software. It is due to improper validation of attributes in RADIUS messages. An unauthenticated, remote attacker can exploit this by sending a malicious RADIUS message to an affected device while the device is in a specific state, such as during PAC provisioning. Affected versions include Cisco IOS XE Software releases prior to the first fixed releases listed in the Cisco advisory [1].
Exploitation
An attacker does not require authentication or prior access to the device. The attacker must be able to send a crafted RADIUS message to the target device while the device is in a specific state (e.g., processing PAC provisioning). The exact sequence involves sending a malicious RADIUS message that triggers the improper validation, leading to a device reload. No user interaction is needed [1].
Impact
Successful exploitation causes a reload of the affected device, resulting in a denial of service (DoS) condition. The attacker gains no code execution, data access, or persistent compromise; the impact is limited to temporary service disruption [1].
Mitigation
Cisco has released software updates to address this vulnerability. For detailed information about affected and fixed software releases, consult the Cisco Security Advisory [1] and use the Cisco IOS Software Checker. No workarounds are available. Customers should upgrade to a fixed release as soon as possible [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: unspecified
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context is available for this CVE. Mechanics are only generated when the actual fix diff can be read; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
[1] tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ctspac-dos (vendor advisory; tags: mitre, x_refsource_CISCO)
News mentions
No linked articles in our index yet.