Cisco IOS XE Software ISDN Data Leak Vulnerability
Description
Cisco IOS XE Software for 4000 Series ISRs allows unauthenticated adjacent attackers to bypass PPP authentication on ISDN channels and pass IPv4 traffic for a few seconds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cisco IOS XE Software for 4000 Series ISRs allows unauthenticated adjacent attackers to bypass PPP authentication on ISDN channels and pass IPv4 traffic for a few seconds.
Vulnerability
The vulnerability resides in the Dialer interface feature for ISDN connections in Cisco IOS XE Software running on Cisco 4000 Series Integrated Services Routers. It is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An unauthenticated, adjacent attacker can trigger the issue by making an ISDN call to an affected device. Alternatively, an unauthenticated, remote attacker can exploit the vulnerability if the device is configured with both a Dialer interface and a Basic Rate Interface (BRI) and the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. Affected versions include Cisco IOS XE Software releases prior to the first fixed release as detailed in the Cisco Security Advisory [1].
Exploitation
To exploit the vulnerability, an adjacent attacker initiates an ISDN call to the affected device and sends IPv4 traffic through the ISDN channel before successful PPP authentication completes. Alternatively, a remote attacker can send traffic through an affected device that is configured to exit via an ISDN connection where the Dialer interface and BRI are configured but the CHAP password mismatches. No authentication is required for either scenario. The attack window is limited to the period from initial ISDN call setup until PPP authentication fails [1].
Impact
A successful exploit allows the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds. This could lead to unauthorized data transmission or information disclosure during that brief window. The attacker does not gain persistent access or elevated privileges, but the vulnerability enables a temporary bypass of PPP authentication [1].
Mitigation
Cisco has released software updates to address this vulnerability. Customers should upgrade to the fixed release as specified in the Cisco Security Advisory [1]. No workarounds are available. The advisory provides a Cisco IOS Software Checker tool to identify affected releases and the first fixed release. Users are advised to consult the advisory for complete details [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
1- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-isdn-data-leakmitrevendor-advisoryx_refsource_CISCO
News mentions
0No linked articles in our index yet.