CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
49.4%
A vulnerability in certificate validation for Autonomic Network Infrastructure (ANI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to provide an invalid message and have the ANI device accept it.
The vulnerability is due to incomplete certificate validation. An attacker could exploit this vulnerability by sending crafted messages to the ANI device.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, an attacker may need access to trusted, internal networks in which the targeted system may reside, in order to send crafted messages to the device. This access requirement may reduce the likelihood of a successful exploit.