[c-nsp] Cisco Security Advisory: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
psirt at cisco.com
psirt at cisco.com
Mon Mar 20 12:11:46 EDT 2017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
Advisory ID: cisco-sa-20170320-ani
Revision: 1.0
For Public Release: 2017 March 20 16:00 GMT
Last Updated: 2017 March 20 16:00 GMT
CVE ID(s): CVE-2017-3849
CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:
Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature
Configured as an autonomic registrar
Has a whitelist configured
An exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani"]
Note: Also see the companion advisory for affected devices that support Autonomic Networking: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6"].
-----BEGIN PGP SIGNATURE-----
iQKBBAEBAgBrBQJYz/8xZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlp1w/9FoB7KLBY6+wq75nR
JbfkdDoeZUcYrz8DyY5vqJymCkGMLtAqWJryS4aShZ2DfiPbIlagtr9Odlf//1oF
PT3aUESHa/do2QsuGC3QNds3He6t9QBD/Gz0daCnu5OOlvfhGM3SkvxIV21j5S9d
KLj4afL8vTr6360CxG93Zkr2U5h8WT0nGYem1nF7rFprZjV/oWpT5gXZY8VfZpxx
ge56MnanxBrzAnOKLEairVF4CD0/Y5jzt4wmYln3k6KJBQRg4M2dVBZ83CvWnTAx
sWFQVFPKwwfrfUIXbCbeur902QCT2e2343Kj3SItPCUldCOp2kdL1X0xkJb+suyd
eB4A2TP3df+pBRetAwPK9yf/+6ko/bKAx2DLYEACoPcCaYFHWSRu8QeHHSmtwU1Z
pb273iRCKpM8Rd1WWHtWL6IkyJ27BkbTG+UQEMfZ5iDbXSuiuYkWZEgzZu3M4vDU
l3zY3LC29IqpDRw1Oua/QbOrfELNz7INMn6+PSp5XqvPG5uroUpWzV1XFCGT/mTh
aQLj8e4V/GxkuK0HB7IfmZowJt9SdkoGFkEQ2k+ROl5xBUVNa3RsrP4yYGed4XCr
yPZnGzQ6djLJIa8gnz2pfV886J9Tj5u8YCL2XsSGGokxWEdzvZnVkMLZczdK2CYZ
fdLp3RLAsORS2lXhktlNzPKsotM=
=7Zb3
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list