Cisco IOS XE Software Autonomic Networking Infrastructure Overwrite Vulnerability

A vulnerability in the multicast Domain Name System (mDNS) used for autonomic networking in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to read or overwrite autonomic networking services discovered via mDNS.

The vulnerability is due to unconstrained autonomic networking mDNS. An attacker could exploit this vulnerability by capturing data on the segment or sending crafted mDNS responses.

Cisco has confirmed the vulnerability in a security notice and released software updates.

Although an attacker does not need to authenticate to a targeted device to exploit this vulnerability, the attacker must have access to the same collision or broadcast domain of the device to attempt an exploit. The access requirement may reduce the likelihood of a successful exploit.