Cisco IOS XE Software Autonomic Networking Infrastructure Routing Protocol for Low-Power and Lossy Networks Vulnerability

A vulnerability in the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) of Cisco IOS XE could allow an unauthenticated, adjacent attacker to inject routes into the autonomic control plane (ACP).

The vulnerability is due to RPL being active on ACP as well as the external Autonomic Networking Infrastructure (ANI) interfaces. An attacker could exploit this vulnerability by sending crafted RPL advertisements to the ANI device.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, an attacker must be on the same broadcast or collision domain as the targeted device. This access requirement may reduce the possibility of a successful exploit.