CISCO-SA-IOSXE-TLS-DOS-TVGLDEZL

Vulnerable Products:

This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software if they are configured with features that may establish TLS connections, including but not limited to:

Local EAP RadSec Session Aware Networking (SANet) Telemetry

Notes:

HTTPS connections to the web UI are not affected by this vulnerability. The features in the preceding list are not enabled by default.

For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.Products Confirmed Not Vulnerable:

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

IOS Software IOS XR Software NX-OS SoftwareWorkarounds:

There are no workarounds that address this vulnerability.Fixed Software:

Cisco considers any workarounds and mitigations (if applicable) to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory. Cisco IOS and IOS XE Software To help customers determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software, Cisco provides the Cisco Software Checker ["https://sec.cloudapps.cisco.com/security/center/softwarechecker.x"]. This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (“Combined First Fixed”).

To use the tool, go to the Cisco...