https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/4009031#M10377 <P>The command that you are looking for is if "aaa server radius dynamic-author" is configured. The RADIUS implementation on the IOS device won't be listening for COA messages otherwise.</P> Thu, 09 Jan 2020 19:56:02 GMT anchambe 2020-01-09T19:56:02Z https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/3990282#M10190 <P>Good morning<BR /><BR />Advisory informs: "<SPAN class="more">At the time of publication, this vulnerability affected Cisco routers running a vulnerable release of Cisco IOS or IOS XE Software with the RADIUS Change of Authorization feature configured" </SPAN></P><P>&nbsp;</P><P>and also "there's no workaroud" .<BR /><BR />How can I check in IOS-XE if this '<SPAN class="more">RADIUS Change of Authorization feature" is really configured or active on device?</SPAN></P><P>&nbsp;</P><P><SPAN class="more">Regards</SPAN></P><P>&nbsp;</P><P><SPAN class="more">Christian</SPAN></P> Wed, 27 Nov 2019 18:14:18 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/3990282#M10190 Christian Jorge 2019-11-27T18:14:18Z https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/3991636#M10205 <P><SPAN>Read&nbsp;</SPAN><A href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-tsec" target="_self">Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability</A><SPAN>&nbsp;and scroll down to the bottom of the page where one can check if the IOS/IOS-XE is affected by this bug (or not).</SPAN></P> Sun, 01 Dec 2019 08:45:09 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/3991636#M10205 Leo Laohoo 2019-12-01T08:45:09Z https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/3991671#M10208 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/326026">@Leo Laohoo</a>&nbsp;'s suggestion will tell if your IOS-XE is potentially vulnerable.</P> <P>If you have configured the global command "dot1x system-auth-control" and related interface commands (typically used with ISE or other NAC solution) then the vulnerability is active on your device.</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-xe-3se-3850-cr-book/sec-d1-xe-3se-3850-cr-book_chapter_01.html#wp1782812608" target="_blank">https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-xe-3se-3850-cr-book/sec-d1-xe-3se-3850-cr-book_chapter_01.html#wp1782812608</A></P> Sun, 01 Dec 2019 11:10:54 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/3991671#M10208 Marvin Rhoads 2019-12-01T11:10:54Z https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/4009031#M10377 <P>The command that you are looking for is if "aaa server radius dynamic-author" is configured. The RADIUS implementation on the IOS device won't be listening for COA messages otherwise.</P> Thu, 09 Jan 2020 19:56:02 GMT https://community.cisco.com/t5/cisco-bug-discussions/cscvg56762-cisco-ios-and-ios-xe-software-change-of-authorization/m-p/4009031#M10377 anchambe 2020-01-09T19:56:02Z