—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability
Advisory ID: cisco-sa-20170320-aniipv6
Revision: 1.0
For Public Release: 2017 March 20 16:00 GMT
Last Updated: 2017 March 20 16:00 GMT
CVE ID(s): CVE-2017-3850
CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
+———————————————————————
Summary
=======
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature.
A device must meet two conditions to be affected by this vulnerability:
The device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured)
The device must have a reachable IPv6 interface
An exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6”]
Note: Also see the companion advisory for affected devices that are configured as an autonomic registrar: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani”].
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJYz/8FZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlaRA//a9iZUux/uV4vP+Ro
iXa4MD+SjByb3/JBiM+CXEEeKgraYh9amaJbaWuWJekRpsQg4uOssLYa6kWSAFCn
f7t3Osig//b3AifdFwKvEFcAk45Gu10DoYrwgFZMS8wQVw6YSRXxfrCRJKWGVPq1
yspaRyvn4Nmf381xg/As53siPSO3FDx88lshVgyvzMHPdJVNbbDbo4VaFiIHTBEO
Zlc2f2F+inZEroNoOSVDY1gQDIfG4mK73z+ka+l+evatMPLEKOBv2OP7BGcuG8tY
hyaiSfTP91M0Zc+86Q8VizopxfWBNJKOT/RZYybbRApViRbDBd8dm7veAizZh/MT
HeXvDjSb6FxDhkK90QEK/4xqewFaYSRkWpGK79N03/6Uv1RPM+AuWscpkWKc96VQ
aRlT1rREaQgKkBvwiHiOVvKnvUIVxLvJoloFsoELxv2pKd+5b1zxwfmkAFVwPC1U
4b+6T/TWumRyfOhgANj249qUwQsiValnu5Qx3p1ZrZiZce6zofU5Dvyqpihg0JiY
2xuya2HwfJEPji106nyrIdzvXekemoKNr/KBdTq8qkpo2HP6aBn8oh26CLTqAx0g
F/pGBlNFRP+ql5hO/vW5gsps/dlOflbQg3m0LEqVF03FrIePKVmlSJ2cM6uHwtPE
gvJGgfBqwqfGjPsSuqcV6epB7HA=
=gzXu
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com