EUVD-2026-15426
GHSA-xp4f-63f5-wmm9
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Lifecycle Timeline
3Tags
Description
A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to improper management of memory resources during TLS connection setup. An attacker could exploit this vulnerability by repeatedly triggering the conditions that cause the memory increase. This could be done in a variety of ways, such as by repeatedly attempting Extensible Authentication Protocol (EAP) authentication when local EAP is enabled on an affected device or by using a machine-in-the-middle attack and resetting TLS connections between the affected device and other devices. A successful exploit could allow the attacker to exhaust the available memory on an affected device, resulting in an unexpected reload and a denial of service (DoS) condition.
Analysis
Memory exhaustion in Cisco IOS XE and Apple devices via improper TLS resource handling allows adjacent attackers to trigger denial of service by repeatedly initiating failed authentication or manipulating TLS connections. An unauthenticated attacker can exploit this by resetting TLS sessions or abusing EAP authentication mechanisms to deplete device memory without requiring network access from the internet. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Cisco IOS XE devices and determine exposure; disable EAP authentication where not operationally critical. Within 7 days: Implement network segmentation to restrict adjacent network access to affected devices; deploy monitoring for repeated TLS connection failures. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today