11-27-2019 10:14 AM
Good morning
Advisory informs: "At the time of publication, this vulnerability affected Cisco routers running a vulnerable release of Cisco IOS or IOS XE Software with the RADIUS Change of Authorization feature configured"
and also "there's no workaround".
How can I check in IOS-XE if this "RADIUS Change of Authorization feature" is really configured or active on the device?
Regards
Christian
12-01-2019 12:45 AM
Read Cisco IOS and IOS XE Software Change of Authorization Denial of Service Vulnerability and scroll down to the bottom of the page where one can check if the IOS/IOS-XE is affected by this bug (or not).
12-01-2019 03:10 AM
@Leo Laohoo's suggestion will tell if your IOS-XE is potentially vulnerable.
If you have configured the global command "dot1x system-auth-control" and related interface commands (typically used with ISE or other NAC solution) then the vulnerability is active on your device.
01-09-2020 11:56 AM
The command that you are looking for is if "aaa server radius dynamic-author" is configured. The RADIUS implementation on the IOS device won't be listening for COA messages otherwise.
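For checking many saved configurations at once, the following added example (not posted by anyone in this thread, and not Cisco code) scans running-config text for the two commands named in the replies above and lists any CoA clients and explicit port it finds. The sample config is constructed, and the function names `find_section` and `audit_coa` are hypothetical.

```python
import re

# Constructed sample of a saved running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
aaa new-model
aaa server radius dynamic-author
 client 192.0.2.10 server-key EXAMPLE-KEY
 port 3799
!
dot1x system-auth-control
!
end
"""

def find_section(config, header):
    """Return the indented child lines of a top-level block, or None if absent."""
    lines = config.splitlines()
    for i, line in enumerate(lines):
        if line.rstrip() == header:          # top-level lines have no leading space
            body = []
            for child in lines[i + 1:]:
                if not child.startswith(" "):
                    break                    # next top-level command ends the block
                body.append(child.strip())
            return body
    return None

def audit_coa(config):
    """Report which CoA-related commands from the thread appear in the config."""
    body = find_section(config, "aaa server radius dynamic-author")
    clients, port = [], None
    for entry in body or []:
        m = re.match(r"client (\S+)", entry)
        if m:
            clients.append(m.group(1))
        m = re.match(r"port (\d+)", entry)
        if m:
            port = int(m.group(1))           # None means no explicit port line
    return {
        "dynamic_author_configured": body is not None,
        "coa_clients": clients,
        "coa_port": port,
        "dot1x_system_auth_control": any(
            l.rstrip() == "dot1x system-auth-control" for l in config.splitlines()),
    }

if __name__ == "__main__":
    print(audit_coa(SAMPLE_CONFIG))
```
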