Executive Summary

Title Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure
Name cisco-sa-20150325-ani First vendor Publication 2015-03-25
Vendor Cisco Last vendor Modification 2015-03-25
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 8.5 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device.

Autonomic Networking Registration Authority Spoofing Vulnerability Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability

Cisco has released free software updates that address these vulnerabilities.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani

Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html

BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJVEg3EAAoJEIpI1I6i1Mx3D4kP/RHXNWflKJAGDDZwOfPHgPTu 3ILcyxaURs0troplCPwsJg94U8NZaeRiOQ8Xsu1s4ajquVEXLRFcdw5WKP/Yulir V7M106xpoemlQGMiw/MNEpAzzP4UNQBCO8A66gLrSGQVFI37C0ysH6yE/307d7Qz LX+aEF7nrOtOw6+ZbVF7irebyMGjaqfblOwDeuXzcyDfHp8hEKuIPfQEh7FaBooQ TnnySenNnhbfu6x0px7gTJteEMcOhDTOaW5m2MuF9STKRRGjauhng1IxJirJPC6k tyIJ+1VOop3Ps49E3czgWUtciFufCjgcl6SbmdYx97KCTQIyt7Mmel2cE37il7wR MzgSyuuIgI4METMdDWwxfTpujXXxdM5iRJNXpoSRzD40NFk9q57QvslwSSO6+1Yf ycnAGDVY+n9ahO3boZdMNne9V9dbCYIbVXES5VXxjaiHvCcRWIDUSJ+JeuX5s+em dMGGIqO8xz3Orl1i77kwWpo22V6txXX6YM07Bg52L+8xbbo7ChKDal5R6UAXsgRB vcA7ckhp28SDtlfy0aJHZHzvHNeOqCD55O8HaSdFoh94mkzBlFVxMkaKHnyeZWyA nWJtC8jHgu+VuyLien930AcUtY4NzO9ZT78c98FePuqkZbqKSvnRqYz69Dgaqu7i aqAAKX2qj2R18xzrUBya =yOgs END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Os 29
Os 15

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-30 IAVM : 2015-A-0175 - Multiple Vulnerabilities in Cisco IOS XE
Severity : Category I - VMSKEY : V0061141

Nessus® Vulnerability Scanner

Date Description
2015-04-06 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150325-ani-ios.nasl - Type : ACT_GATHER_INFO
2015-04-06 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20150325-ani-iosxe.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-07-21 12:09:08
  • Multiple Updates
2015-10-18 17:22:07
  • Multiple Updates
2015-04-07 13:28:40
  • Multiple Updates
2015-03-26 21:37:17
  • Multiple Updates
2015-03-25 21:26:35
  • First insertion