A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature.
A device must meet two conditions to be affected by this vulnerability:
The device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured)
The device must have a reachable IPv6 interface
An exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6 [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6”]
Note: Also see the companion advisory for affected devices that are configured as an autonomic registrar: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani”].
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ios | 15.3s | cpe:2.3:o:cisco:ios:15.3s:*:*:*:*:*:*:* |
cisco | ios | 15.2e | cpe:2.3:o:cisco:ios:15.2e:*:*:*:*:*:*:* |
cisco | ios | 15.4s | cpe:2.3:o:cisco:ios:15.4s:*:*:*:*:*:*:* |
cisco | ios | 15.5s | cpe:2.3:o:cisco:ios:15.5s:*:*:*:*:*:*:* |
cisco | ios | 15.2ea | cpe:2.3:o:cisco:ios:15.2ea:*:*:*:*:*:*:* |
cisco | ios | 15.4sn | cpe:2.3:o:cisco:ios:15.4sn:*:*:*:*:*:*:* |
cisco | ios | 15.5sn | cpe:2.3:o:cisco:ios:15.5sn:*:*:*:*:*:*:* |
cisco | ios | 15.6s | cpe:2.3:o:cisco:ios:15.6s:*:*:*:*:*:*:* |
cisco | ios | 15.6t | cpe:2.3:o:cisco:ios:15.6t:*:*:*:*:*:*:* |
cisco | ios | 15.6sp | cpe:2.3:o:cisco:ios:15.6sp:*:*:*:*:*:*:* |