Executive Summary

Summary
Title Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability
Informations
Name cisco-sa-20170320-aniipv6 First vendor Publication 2017-03-20
Vendor Cisco Last vendor Modification 2017-03-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature.

A device must meet two conditions to be affected by this vulnerability:

The device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured) The device must have a reachable IPv6 interface An exploit could allow the attacker to cause the affected device to reload.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6"]

Note: Also see the companion advisory for affected devices that are configured as an autonomic registrar: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani"].

BEGIN PGP SIGNATURE

iQKBBAEBAgBrBQJYz/8FZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlaRA//a9iZUux/uV4vP+Ro iXa4MD+SjByb3/JBiM+CXEEeKgraYh9amaJbaWuWJekRpsQg4uOssLYa6kWSAFCn f7t3Osig//b3AifdFwKvEFcAk45Gu10DoYrwgFZMS8wQVw6YSRXxfrCRJKWGVPq1 yspaRyvn4Nmf381xg/As53siPSO3FDx88lshVgyvzMHPdJVNbbDbo4VaFiIHTBEO Zlc2f2F+inZEroNoOSVDY1gQDIfG4mK73z+ka+l+evatMPLEKOBv2OP7BGcuG8tY hyaiSfTP91M0Zc+86Q8VizopxfWBNJKOT/RZYybbRApViRbDBd8dm7veAizZh/MT HeXvDjSb6FxDhkK90QEK/4xqewFaYSRkWpGK79N03/6Uv1RPM+AuWscpkWKc96VQ aRlT1rREaQgKkBvwiHiOVvKnvUIVxLvJoloFsoELxv2pKd+5b1zxwfmkAFVwPC1U 4b+6T/TWumRyfOhgANj249qUwQsiValnu5Qx3p1ZrZiZce6zofU5Dvyqpihg0JiY 2xuya2HwfJEPji106nyrIdzvXekemoKNr/KBdTq8qkpo2HP6aBn8oh26CLTqAx0g F/pGBlNFRP+ql5hO/vW5gsps/dlOflbQg3m0LEqVF03FrIePKVmlSJ2cM6uHwtPE gvJGgfBqwqfGjPsSuqcV6epB7HA= =gzXu END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 62
Os 81

Snort® IPS/IDS

Date Description
2017-03-23 Cisco IOS autonomic networking discovery denial of service attempt
RuleID : 42051 - Revision : 1 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2017-03-24 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20170320-aniipv6-ios.nasl - Type : ACT_GATHER_INFO
2017-03-24 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20170320-aniipv6-iosxe.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2017-03-27 21:22:44
  • Multiple Updates
2017-03-25 13:25:20
  • Multiple Updates
2017-03-21 21:26:06
  • Multiple Updates
2017-03-20 21:24:54
  • Multiple Updates
2017-03-20 21:22:38
  • First insertion