A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:

- Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature
- Configured as an autonomic registrar
- Has a whitelist configured

An exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani
Note: Also see the companion advisory for affected devices that support Autonomic Networking: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6).
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios | 15.3s | cpe:2.3:o:cisco:ios:15.3s:*:*:*:*:*:*:* |
cisco | ios | 15.2e | cpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:* |
cisco | ios | 15.4s | cpe:2.3:o:cisco:ios:15.4s:*:*:*:*:*:*:* |
cisco | ios | 15.5s | cpe:2.3:o:cisco:ios:15.5s:*:*:*:*:*:*:* |
cisco | ios | 15.2ea | cpe:2.3:o:cisco:ios:15.2ea:*:*:*:*:*:*:* |
cisco | ios | 15.4sn | cpe:2.3:o:cisco:ios:15.4sn:*:*:*:*:*:*:* |
cisco | ios | 15.5sn | cpe:2.3:o:cisco:ios:15.5sn:*:*:*:*:*:*:* |
cisco | ios | 15.6s | cpe:2.3:o:cisco:ios:15.6s:*:*:*:*:*:*:* |
cisco | ios | 15.6t | cpe:2.3:o:cisco:ios:15.6t:*:*:*:*:*:*:* |
cisco | ios | 15.6sp | cpe:2.3:o:cisco:ios:15.6sp:*:*:*:*:*:*:* |
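
An added example, not part of the Cisco advisory: an inventory triage that flags a device for review only when its release train appears in the table above and its running configuration shows an autonomic registrar with a whitelist. The `autonomic registrar` / `whitelist` configuration syntax, the version-to-train mapping, the function names and the sample configurations are assumptions made for this example.

```python
import re

# Release trains taken from the version field of the CPE table above.
LISTED_TRAINS = {"15.3s", "15.2e", "15.4s", "15.5s", "15.2ea",
                 "15.4sn", "15.5sn", "15.6s", "15.6t", "15.6sp"}

# Constructed sample configs; the registrar syntax is an assumption, not from the advisory.
SAMPLE_REGISTRAR = """hostname edge-reg-01
!
autonomic registrar
 domain-id example.com
 whitelist flash:whitelist.txt
 CA local
 no shut
!
"""
SAMPLE_PLAIN = "hostname access-sw-07\n!\nautonomic\n!\n"

def release_train(version):
    """Assumed mapping: '15.3(3)S2' -> '15.3s'. Other formats return None."""
    m = re.fullmatch(r"(\d+\.\d+)\(\d+[a-z]?\)([A-Za-z]+)\d*[a-z]?", version.strip())
    return (m.group(1) + m.group(2)).lower() if m else None

def registrar_whitelist(running_config):
    """Return the whitelist argument under 'autonomic registrar', or None."""
    in_block = False
    for line in running_config.splitlines():
        if not line.startswith(" "):          # top-level line opens or closes a block
            in_block = line.strip() == "autonomic registrar"
        elif in_block:
            m = re.match(r"\s+whitelist\s+(\S+)", line)
            if m:
                return m.group(1)
    return None

def triage(version, running_config):
    """Combine the advisory's three characteristics into one review flag."""
    train = release_train(version)
    whitelist = registrar_whitelist(running_config)
    listed = train in LISTED_TRAINS
    return {"train": train, "train_listed": listed,
            "registrar_whitelist": whitelist,
            "needs_review": listed and whitelist is not None}

if __name__ == "__main__":
    for ver, cfg in [("15.3(3)S2", SAMPLE_REGISTRAR), ("15.3(3)S2", SAMPLE_PLAIN),
                     ("15.4(3)M5", SAMPLE_REGISTRAR)]:
        print(ver, triage(ver, cfg))
```

A `needs_review` result means the device matches the listed train and registrar conditions, not that its specific release is unfixed; compare the exact release against the fixed software listed in the Cisco advisory.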