CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
65.6%
A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane (ACP).
The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networking Infrastructure (ANI) interfaces. An attacker could exploit this vulnerability by sending crafted RPL advertisements to the ANI device.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as the targeted device. This access requirement may reduce the possibility of a successful exploit.