CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:A/AC:L/Au:N/C:P/I:P/A:N
EPSS
Percentile
69.3%
A vulnerability in the multicast Domain Name System (mDNS) used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS.
The vulnerability is due to unconstrained autonomic networking mDNS. An attacker could exploit this vulnerability by capturing data on the segment or sending crafted mDNS responses.
Cisco has confirmed the vulnerability in a security notice and released software updates.
Although an attacker does not need to authenticate to a targeted device to exploit this vulnerability, the attacker must have access to the same collision or broadcast domain of the device to attempt an exploit. The access requirement may reduce the likelihood of a successful exploit.