CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
55.9%
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS software could allow an unauthenticated, remote attacker to overwrite some configuration values received via ANI.
The vulnerability is due to insufficient validation of received
Autonomic Networking (AN) messages. An attacker could exploit this
vulnerability by sending crafted AN messages. An exploit could allow the attacker to overwrite sensitive configuration and cause a partial denial of service (DoS) condition. A limited set of router services can be affected.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker may need access to trusted, internal networks behind a firewall to send crafted AN messages to the targeted device. This access requirement may reduce the likelihood of a successful exploit.