Cisco IOS Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI.

The vulnerability is due to insufficient validation of received
Autonomic Networking (AN) messages. An attacker could exploit this
vulnerability by sending crafted AN messages. An exploit could allow the attacker to overwrite sensitive configuration and cause a partial denial of service (DoS) condition. A limited set of router services can be affected.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted AN messages to the targeted device. This access requirement may reduce the likelihood of a successful exploit.