-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability
Advisory ID: cisco-sa-20170320-aniipv6 Revision: 1.0 For Public Release: 2017 March 20 16:00 GMT Last Updated: 2017 March 20 16:00 GMT CVE ID(s): CVE-2017-3850 CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H +--------------------------------------------------------------------- Summary ======= A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: The device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured) The device must have a reachable IPv6 interface An exploit could allow the attacker to cause the affected device to reload. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6";] Note: Also see the companion advisory for affected devices that are configured as an autonomic registrar: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani";]. -----BEGIN PGP SIGNATURE----- iQKBBAEBAgBrBQJYz/8FZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHlaRA//a9iZUux/uV4vP+Ro iXa4MD+SjByb3/JBiM+CXEEeKgraYh9amaJbaWuWJekRpsQg4uOssLYa6kWSAFCn f7t3Osig//b3AifdFwKvEFcAk45Gu10DoYrwgFZMS8wQVw6YSRXxfrCRJKWGVPq1 yspaRyvn4Nmf381xg/As53siPSO3FDx88lshVgyvzMHPdJVNbbDbo4VaFiIHTBEO Zlc2f2F+inZEroNoOSVDY1gQDIfG4mK73z+ka+l+evatMPLEKOBv2OP7BGcuG8tY hyaiSfTP91M0Zc+86Q8VizopxfWBNJKOT/RZYybbRApViRbDBd8dm7veAizZh/MT HeXvDjSb6FxDhkK90QEK/4xqewFaYSRkWpGK79N03/6Uv1RPM+AuWscpkWKc96VQ aRlT1rREaQgKkBvwiHiOVvKnvUIVxLvJoloFsoELxv2pKd+5b1zxwfmkAFVwPC1U 4b+6T/TWumRyfOhgANj249qUwQsiValnu5Qx3p1ZrZiZce6zofU5Dvyqpihg0JiY 2xuya2HwfJEPji106nyrIdzvXekemoKNr/KBdTq8qkpo2HP6aBn8oh26CLTqAx0g F/pGBlNFRP+ql5hO/vW5gsps/dlOflbQg3m0LEqVF03FrIePKVmlSJ2cM6uHwtPE gvJGgfBqwqfGjPsSuqcV6epB7HA= =gzXu -----END PGP SIGNATURE----- _______________________________________________ apops mailing list [email protected] https://mailman.apnic.net/mailman/listinfo/apops Website: www.apops.net
