Executive Summary
Summary | |
---|---|
Title | Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170320-ani | First vendor Publication | 2017-03-20 |
Vendor | Cisco | Last vendor Modification | 2017-03-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.1 | Attack Range | Adjacent network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 6.5 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature Configured as an autonomic registrar Has a whitelist configured An exploit could allow the attacker to cause the affected device to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani"] Note: Also see the companion advisory for affected devices that support Autonomic Networking: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6"]. BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJYz/8xZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlp1w/9FoB7KLBY6+wq75nR JbfkdDoeZUcYrz8DyY5vqJymCkGMLtAqWJryS4aShZ2DfiPbIlagtr9Odlf//1oF PT3aUESHa/do2QsuGC3QNds3He6t9QBD/Gz0daCnu5OOlvfhGM3SkvxIV21j5S9d KLj4afL8vTr6360CxG93Zkr2U5h8WT0nGYem1nF7rFprZjV/oWpT5gXZY8VfZpxx ge56MnanxBrzAnOKLEairVF4CD0/Y5jzt4wmYln3k6KJBQRg4M2dVBZ83CvWnTAx sWFQVFPKwwfrfUIXbCbeur902QCT2e2343Kj3SItPCUldCOp2kdL1X0xkJb+suyd eB4A2TP3df+pBRetAwPK9yf/+6ko/bKAx2DLYEACoPcCaYFHWSRu8QeHHSmtwU1Z pb273iRCKpM8Rd1WWHtWL6IkyJ27BkbTG+UQEMfZ5iDbXSuiuYkWZEgzZu3M4vDU l3zY3LC29IqpDRw1Oua/QbOrfELNz7INMn6+PSp5XqvPG5uroUpWzV1XFCGT/mTh aQLj8e4V/GxkuK0HB7IfmZowJt9SdkoGFkEQ2k+ROl5xBUVNa3RsrP4yYGed4XCr yPZnGzQ6djLJIa8gnz2pfV886J9Tj5u8YCL2XsSGGokxWEdzvZnVkMLZczdK2CYZ fdLp3RLAsORS2lXhktlNzPKsotM= =7Zb3 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-03-24 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170320-ani-ios.nasl - Type : ACT_GATHER_INFO |
2017-03-24 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170320-ani-iosxe.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-03-30 21:24:44 |
|
2017-03-25 13:25:20 |
|
2017-03-21 21:26:06 |
|
2017-03-20 21:22:39 |
|