Cisco IOS and IOS XE CLI Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the CLI of Cisco IOS and Cisco IOS XE Software. This issue allows an authenticated, local attacker to cause an affected device to reload unexpectedly, leading to a DoS condition. The vulnerability arises from a buffer overflow, which an attacker with a low-privileged account could exploit by sending crafted commands at the CLI prompt.

Impact

Exploitation of this vulnerability causes the affected device to reload, creating a denial-of-service condition.

Remediation

Cisco has released software updates to address this vulnerability. To determine the appropriate update, users can consult the Cisco Software Checker tool, which identifies fixed software releases for specific vulnerabilities. Instructions for using the Cisco Software Checker are available on the Cisco Security Advisories page.

Added: Sep 24, 2025, 6:57 PM
Updated: Sep 24, 2025, 6:57 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 3.5
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.