Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco IOS and IOS XE Software TACACS+ Client Denial of Service Vulnerability
Vulnerability Description
A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of crafted TACACS+ response packets by the affected software. An attacker could exploit this vulnerability by injecting a crafted TACACS+ packet into an existing TACACS+ session between an affected device and a TACACS+ server or by impersonating a known, valid TACACS+ server and sending a crafted TACACS+ packet to an affected device when establishing a connection to the device. To exploit this vulnerability by using either method, the attacker must know the shared TACACS+ secret and the crafted packet must be sent in response to a TACACS+ request from a TACACS+ client. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Cisco IOS Software和IOS XE Software TACACS+客户端子系统输入验证漏洞
Vulnerability Description
Cisco IOS Software和IOS XE Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。TACACS+是其中的一个终端访问控制子系统。 Cisco IOS Software和IOS XE Software中的TACACS+客户端子系统存在输入验证漏洞,该漏洞源于受影响的软件没有正确地处理特制的TACACS+响应数据包。远程攻击者可通过向受影响设备和TACACS+服务器之间已存在的TACACS+会话注入特制的TACACS+数据包或伪造已知有效的TACACS+服务器并向受
CVSS Information
N/A
Vulnerability Type
N/A