Lucene search
CiscoCISCO-SA-20170320-ANIHistoryMar 20, 2017 - 4:00 p.m.
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
2017-03-2016:00:00
tools.cisco.com
11
EPSS
0.001
Percentile
42.0%
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:
Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature
Configured as an autonomic registrar
Has a whitelist configured
An exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani”]
Note: Also see the companion advisory for affected devices that support Autonomic Networking: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6”].
Affected configurations
Node
ciscoiosMatch15.3s
ORciscoiosMatch15.2e
ORciscoiosMatch15.4s
ORciscoiosMatch15.5s
ORciscoiosMatch15.2ea
ORciscoiosMatch15.4sn
ORciscoiosMatch15.5sn
ORciscoiosMatch15.6s
ORciscoiosMatch15.6t
ORciscoiosMatch15.6sp
ORciscoiosMatch15.6sn
ORciscoiosMatch15.6m
ORciscocisco_iosMatch3.10sxe
ORciscocisco_iosMatch3.12sxe
ORciscocisco_iosMatch3.13sxe
ORciscocisco_iosMatch3.14sxe
ORciscocisco_iosMatch3.15sxe
ORciscocisco_iosMatch3.7exe
ORciscocisco_iosMatch3.16sxe
ORciscocisco_iosMatch3.17sxe
ORciscocisco_iosMatch16.2xe
ORciscocisco_iosMatch3.8exe
ORciscocisco_iosMatch16.3xe
ORciscocisco_iosMatch16.4xe
ORciscocisco_iosMatch3.18sxe
ORciscocisco_iosMatch3.18spxe
ORciscocisco_iosMatch3.9exe
ORciscoiosMatch15.3\(3\)s2
ORciscoiosMatch15.3\(3\)s6
ORciscoiosMatch15.3\(3\)s5
ORciscoiosMatch15.3\(3\)s8
ORciscoiosMatch15.3\(3\)s9
ORciscoiosMatch15.3\(3\)s8a
ORciscoiosMatch15.2\(3\)e
ORciscoiosMatch15.2\(4\)e
ORciscoiosMatch15.2\(3\)e1
ORciscoiosMatch15.2\(3\)e2
ORciscoiosMatch15.2\(3\)e3
ORciscoiosMatch15.2\(4\)e1
ORciscoiosMatch15.2\(4\)e2
ORciscoiosMatch15.2\(3\)e4
ORciscoiosMatch15.2\(5\)e
ORciscoiosMatch15.2\(4\)e3
ORciscoiosMatch15.2\(5\)e1
ORciscoiosMatch15.2\(5b\)e
ORciscoiosMatch15.2\(3\)e5
ORciscoiosMatch15.2\(6\)e0b
ORciscoiosMatch15.2\(4s\)e2
ORciscoiosMatch15.4\(1\)s
ORciscoiosMatch15.4\(2\)s
ORciscoiosMatch15.4\(3\)s
ORciscoiosMatch15.4\(1\)s1
ORciscoiosMatch15.4\(1\)s2
ORciscoiosMatch15.4\(2\)s1
ORciscoiosMatch15.4\(1\)s3
ORciscoiosMatch15.4\(3\)s1
ORciscoiosMatch15.4\(2\)s2
ORciscoiosMatch15.4\(3\)s2
ORciscoiosMatch15.4\(3\)s3
ORciscoiosMatch15.4\(1\)s4
ORciscoiosMatch15.4\(2\)s3
ORciscoiosMatch15.4\(2\)s4
ORciscoiosMatch15.4\(3\)s4
ORciscoiosMatch15.4\(3\)s5
ORciscoiosMatch15.4\(3\)s6
ORciscoiosMatch15.4\(3\)s6a
ORciscoiosMatch15.5\(1\)s
ORciscoiosMatch15.5\(2\)s
ORciscoiosMatch15.5\(1\)s1
ORciscoiosMatch15.5\(3\)s
ORciscoiosMatch15.5\(1\)s2
ORciscoiosMatch15.5\(1\)s3
ORciscoiosMatch15.5\(2\)s1
ORciscoiosMatch15.5\(2\)s2
ORciscoiosMatch15.5\(3\)s1a
ORciscoiosMatch15.5\(2\)s3
ORciscoiosMatch15.5\(3\)s2
ORciscoiosMatch15.5\(3\)s3
ORciscoiosMatch15.5\(1\)s4
ORciscoiosMatch15.5\(2\)s4
ORciscoiosMatch15.5\(3\)s4
ORciscoiosMatch15.5\(3\)s5
ORciscoiosMatch15.2\(3\)ea
ORciscoiosMatch15.2\(4\)ea
ORciscoiosMatch15.2\(4\)ea1
ORciscoiosMatch15.2\(5\)ea
ORciscoiosMatch15.2\(4\)ea5
ORciscoiosMatch15.4\(2\)sn
ORciscoiosMatch15.4\(2\)sn1
ORciscoiosMatch15.4\(3\)sn1
ORciscoiosMatch15.4\(3\)sn1a
ORciscoiosMatch15.5\(1\)sn
ORciscoiosMatch15.5\(1\)sn1
ORciscoiosMatch15.5\(2\)sn
ORciscoiosMatch15.5\(3\)sn0a
ORciscoiosMatch15.5\(3\)sn
ORciscoiosMatch15.6\(1\)s
ORciscoiosMatch15.6\(2\)s
ORciscoiosMatch15.6\(2\)s1
ORciscoiosMatch15.6\(1\)s1
ORciscoiosMatch15.6\(1\)s2
ORciscoiosMatch15.6\(2\)s0a
ORciscoiosMatch15.6\(2\)s2
ORciscoiosMatch15.6\(1\)s3
ORciscoiosMatch15.6\(1\)t
ORciscoiosMatch15.6\(2\)t
ORciscoiosMatch15.6\(1\)t0a
ORciscoiosMatch15.6\(1\)t1
ORciscoiosMatch15.6\(2\)t1
ORciscoiosMatch15.6\(1\)t2
ORciscoiosMatch15.6\(2\)t2
ORciscoiosMatch15.6\(1\)t3
ORciscoiosMatch15.6\(2\)sp
ORciscoiosMatch15.6\(2\)sp1
ORciscoiosMatch15.6\(1\)sn
ORciscoiosMatch15.6\(1\)sn1
ORciscoiosMatch15.6\(2\)sn
ORciscoiosMatch15.6\(1\)sn2
ORciscoiosMatch15.6\(1\)sn3
ORciscoiosMatch15.6\(3\)sn
ORciscoiosMatch15.6\(4\)sn
ORciscoiosMatch15.6\(5\)sn
ORciscoiosMatch15.6\(6\)sn
ORciscoiosMatch15.6\(7\)sn
ORciscoiosMatch15.6\(7\)sn1
ORciscoiosMatch15.6\(7\)sn2
ORciscoiosMatch15.6\(7\)sn3
ORciscoiosMatch15.6\(3\)m
ORciscoiosMatch15.6\(3\)m1
ORciscoiosMatch15.6\(3\)m0a
ORciscoiosMatch15.6\(3\)m1a
ORciscocisco_iosMatch3.10.4sxe
ORciscocisco_iosMatch3.10.1xcsxe
ORciscocisco_iosMatch3.12.0sxe
ORciscocisco_iosMatch3.12.1sxe
ORciscocisco_iosMatch3.12.2sxe
ORciscocisco_iosMatch3.12.3sxe
ORciscocisco_iosMatch3.12.0asxe
ORciscocisco_iosMatch3.12.4sxe
ORciscocisco_iosMatch3.13.0sxe
ORciscocisco_iosMatch3.13.1sxe
ORciscocisco_iosMatch3.13.2sxe
ORciscocisco_iosMatch3.13.3sxe
ORciscocisco_iosMatch3.13.4sxe
ORciscocisco_iosMatch3.13.5sxe
ORciscocisco_iosMatch3.13.2asxe
ORciscocisco_iosMatch3.13.6sxe
ORciscocisco_iosMatch3.13.6asxe
ORciscocisco_iosMatch3.14.0sxe
ORciscocisco_iosMatch3.14.1sxe
ORciscocisco_iosMatch3.14.2sxe
ORciscocisco_iosMatch3.14.3sxe
ORciscocisco_iosMatch3.14.4sxe
ORciscocisco_iosMatch3.15.0sxe
ORciscocisco_iosMatch3.15.1sxe
ORciscocisco_iosMatch3.15.2sxe
ORciscocisco_iosMatch3.15.3sxe
ORciscocisco_iosMatch3.15.4sxe
ORciscocisco_iosMatch3.7.0exe
ORciscocisco_iosMatch3.7.1exe
ORciscocisco_iosMatch3.7.2exe
ORciscocisco_iosMatch3.7.3exe
ORciscocisco_iosMatch3.7.4exe
ORciscocisco_iosMatch3.7.5exe
ORciscocisco_iosMatch3.16.0sxe
ORciscocisco_iosMatch3.16.1sxe
ORciscocisco_iosMatch3.16.0asxe
ORciscocisco_iosMatch3.16.1asxe
ORciscocisco_iosMatch3.16.2sxe
ORciscocisco_iosMatch3.16.2asxe
ORciscocisco_iosMatch3.16.0bsxe
ORciscocisco_iosMatch3.16.3sxe
ORciscocisco_iosMatch3.16.3asxe
ORciscocisco_iosMatch3.16.4sxe
ORciscocisco_iosMatch3.16.4asxe
ORciscocisco_iosMatch3.16.4bsxe
ORciscocisco_iosMatch3.16.5sxe
ORciscocisco_iosMatch3.16.4csxe
ORciscocisco_iosMatch3.16.5asxe
ORciscocisco_iosMatch3.16.5bsxe
ORciscocisco_iosMatch3.17.0sxe
ORciscocisco_iosMatch3.17.1sxe
ORciscocisco_iosMatch3.17.2sxe
ORciscocisco_iosMatch3.17.3sxe
ORciscocisco_iosMatch16.2.1xe
ORciscocisco_iosMatch16.2.2xe
ORciscocisco_iosMatch3.8.0exe
ORciscocisco_iosMatch3.8.1exe
ORciscocisco_iosMatch3.8.2exe
ORciscocisco_iosMatch3.8.3exe
ORciscocisco_iosMatch16.3.1xe
ORciscocisco_iosMatch16.3.2xe
ORciscocisco_iosMatch16.3.1axe
ORciscocisco_iosMatch16.4.1xe
ORciscocisco_iosMatch3.18.0sxe
ORciscocisco_iosMatch3.18.1sxe
ORciscocisco_iosMatch3.18.2sxe
ORciscocisco_iosMatch3.18.0spxe
ORciscocisco_iosMatch3.18.1spxe
ORciscocisco_iosMatch3.18.1gspxe
ORciscocisco_iosMatch3.18.1bspxe
ORciscocisco_iosMatch3.18.1cspxe
ORciscocisco_iosMatch3.18.1hspxe
ORciscocisco_iosMatch3.18.1ispxe
ORciscocisco_iosMatch3.9.0exe
ORciscocisco_iosMatch3.9.1exe
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | ios | 15.3s | cpe:2.3:o:cisco:ios:15.3s:*:*:*:*:*:*:* |
| cisco | ios | 15.2e | cpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:* |
| cisco | ios | 15.4s | cpe:2.3:o:cisco:ios:15.4s:*:*:*:*:*:*:* |
| cisco | ios | 15.5s | cpe:2.3:o:cisco:ios:15.5s:*:*:*:*:*:*:* |
| cisco | ios | 15.2ea | cpe:2.3:o:cisco:ios:15.2ea:*:*:*:*:*:*:* |
| cisco | ios | 15.4sn | cpe:2.3:o:cisco:ios:15.4sn:*:*:*:*:*:*:* |
| cisco | ios | 15.5sn | cpe:2.3:o:cisco:ios:15.5sn:*:*:*:*:*:*:* |
| cisco | ios | 15.6s | cpe:2.3:o:cisco:ios:15.6s:*:*:*:*:*:*:* |
| cisco | ios | 15.6t | cpe:2.3:o:cisco:ios:15.6t:*:*:*:*:*:*:* |
| cisco | ios | 15.6sp | cpe:2.3:o:cisco:ios:15.6sp:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2017-3849
2017-03-21 16:00:00
nessus
nessus
Cisco IOS XE ANI Registrar DoS (cisco-sa-20170320-ani)
2017-03-24 00:00:00
Cisco IOS ANI Registrar DoS (cisco-sa-20170320-ani)
2017-03-24 00:00:00
prion
prion
Input validation
2017-03-21 16:59:00
nvd
nvd
CVE-2017-3849
2017-03-21 16:59:00
openvas
openvas
cve
cve
CVE-2017-3849
2017-03-21 16:59:00