Executive Summary

Summary
Title Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
Informations
Name cisco-sa-20170320-ani First vendor Publication 2017-03-20
Vendor Cisco Last vendor Modification 2017-03-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 6.1 Attack Range Adjacent network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 6.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:

Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature Configured as an autonomic registrar Has a whitelist configured An exploit could allow the attacker to cause the affected device to reload.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani"]

Note: Also see the companion advisory for affected devices that support Autonomic Networking: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6"].

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJYz/8xZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlp1w/9FoB7KLBY6+wq75nR JbfkdDoeZUcYrz8DyY5vqJymCkGMLtAqWJryS4aShZ2DfiPbIlagtr9Odlf//1oF PT3aUESHa/do2QsuGC3QNds3He6t9QBD/Gz0daCnu5OOlvfhGM3SkvxIV21j5S9d KLj4afL8vTr6360CxG93Zkr2U5h8WT0nGYem1nF7rFprZjV/oWpT5gXZY8VfZpxx ge56MnanxBrzAnOKLEairVF4CD0/Y5jzt4wmYln3k6KJBQRg4M2dVBZ83CvWnTAx sWFQVFPKwwfrfUIXbCbeur902QCT2e2343Kj3SItPCUldCOp2kdL1X0xkJb+suyd eB4A2TP3df+pBRetAwPK9yf/+6ko/bKAx2DLYEACoPcCaYFHWSRu8QeHHSmtwU1Z pb273iRCKpM8Rd1WWHtWL6IkyJ27BkbTG+UQEMfZ5iDbXSuiuYkWZEgzZu3M4vDU l3zY3LC29IqpDRw1Oua/QbOrfELNz7INMn6+PSp5XqvPG5uroUpWzV1XFCGT/mTh aQLj8e4V/GxkuK0HB7IfmZowJt9SdkoGFkEQ2k+ROl5xBUVNa3RsrP4yYGed4XCr yPZnGzQ6djLJIa8gnz2pfV886J9Tj5u8YCL2XsSGGokxWEdzvZnVkMLZczdK2CYZ fdLp3RLAsORS2lXhktlNzPKsotM= =7Zb3 END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 77
Os 84

Nessus® Vulnerability Scanner

Date Description
2017-03-24 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20170320-ani-ios.nasl - Type : ACT_GATHER_INFO
2017-03-24 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20170320-ani-iosxe.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2017-03-30 21:24:44
  • Multiple Updates
2017-03-25 13:25:20
  • Multiple Updates
2017-03-21 21:26:06
  • Multiple Updates
2017-03-20 21:22:39
  • First insertion