Lucene search
CiscoCISCO-SA-20170320-ANIHistoryMar 20, 2017 - 4:00 p.m.
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability
2017-03-2016:00:00
tools.cisco.com
7
0.001 Low
EPSS
Percentile
42.1%
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics:
Running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature
Configured as an autonomic registrar
Has a whitelist configured
An exploit could allow the attacker to cause the affected device to reload.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani”]
Note: Also see the companion advisory for affected devices that support Autonomic Networking: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-aniipv6”].
Affected configurations
Node
ciscoiosMatch15.3s
ORciscoiosMatch15.2e
ORciscoiosMatch15.4s
ORciscoiosMatch15.5s
ORciscoiosMatch15.2ea
ORciscoiosMatch15.4sn
ORciscoiosMatch15.5sn
ORciscoiosMatch15.6s
ORciscoiosMatch15.6t
ORciscoiosMatch15.6sp
ORciscoiosMatch15.6sn
ORciscoiosMatch15.6m
ORciscorvs4000_softwareMatch3.10s
ORciscorvs4000_softwareMatch3.12s
ORciscorvs4000_softwareMatch3.13s
ORciscorvs4000_softwareMatch3.14s
ORciscorvs4000_softwareMatch3.15s
ORciscorvs4000_softwareMatch3.7e
ORciscorvs4000_softwareMatch3.16s
ORciscorvs4000_softwareMatch3.17s
ORciscorvs4000_softwareMatch16.2
ORciscorvs4000_softwareMatch3.8e
ORciscorvs4000_softwareMatch16.3
ORciscorvs4000_softwareMatch16.4
ORciscorvs4000_softwareMatch3.18s
ORciscorvs4000_softwareMatch3.18sp
ORciscorvs4000_softwareMatch3.9e
ORciscoiosMatch15.3\(3\)s2
ORciscoiosMatch15.3\(3\)s6
ORciscoiosMatch15.3\(3\)s5
ORciscoiosMatch15.3\(3\)s8
ORciscoiosMatch15.3\(3\)s9
ORciscoiosMatch15.3\(3\)s8a
ORciscoiosMatch15.2\(3\)e
ORciscoiosMatch15.2\(4\)e
ORciscoiosMatch15.2\(3\)e1
ORciscoiosMatch15.2\(3\)e2
ORciscoiosMatch15.2\(3\)e3
ORciscoiosMatch15.2\(4\)e1
ORciscoiosMatch15.2\(4\)e2
ORciscoiosMatch15.2\(3\)e4
ORciscoiosMatch15.2\(5\)e
ORciscoiosMatch15.2\(4\)e3
ORciscoiosMatch15.2\(5\)e1
ORciscoiosMatch15.2\(5b\)e
ORciscoiosMatch15.2\(3\)e5
ORciscoiosMatch15.2\(6\)e0b
ORciscoiosMatch15.2\(4s\)e2
ORciscoiosMatch15.4\(1\)s
ORciscoiosMatch15.4\(2\)s
ORciscoiosMatch15.4\(3\)s
ORciscoiosMatch15.4\(1\)s1
ORciscoiosMatch15.4\(1\)s2
ORciscoiosMatch15.4\(2\)s1
ORciscoiosMatch15.4\(1\)s3
ORciscoiosMatch15.4\(3\)s1
ORciscoiosMatch15.4\(2\)s2
ORciscoiosMatch15.4\(3\)s2
ORciscoiosMatch15.4\(3\)s3
ORciscoiosMatch15.4\(1\)s4
ORciscoiosMatch15.4\(2\)s3
ORciscoiosMatch15.4\(2\)s4
ORciscoiosMatch15.4\(3\)s4
ORciscoiosMatch15.4\(3\)s5
ORciscoiosMatch15.4\(3\)s6
ORciscoiosMatch15.4\(3\)s6a
ORciscoiosMatch15.5\(1\)s
ORciscoiosMatch15.5\(2\)s
ORciscoiosMatch15.5\(1\)s1
ORciscoiosMatch15.5\(3\)s
ORciscoiosMatch15.5\(1\)s2
ORciscoiosMatch15.5\(1\)s3
ORciscoiosMatch15.5\(2\)s1
ORciscoiosMatch15.5\(2\)s2
ORciscoiosMatch15.5\(3\)s1a
ORciscoiosMatch15.5\(2\)s3
ORciscoiosMatch15.5\(3\)s2
ORciscoiosMatch15.5\(3\)s3
ORciscoiosMatch15.5\(1\)s4
ORciscoiosMatch15.5\(2\)s4
ORciscoiosMatch15.5\(3\)s4
ORciscoiosMatch15.5\(3\)s5
ORciscoiosMatch15.2\(3\)ea
ORciscoiosMatch15.2\(4\)ea
ORciscoiosMatch15.2\(4\)ea1
ORciscoiosMatch15.2\(5\)ea
ORciscoiosMatch15.2\(4\)ea5
ORciscoiosMatch15.4\(2\)sn
ORciscoiosMatch15.4\(2\)sn1
ORciscoiosMatch15.4\(3\)sn1
ORciscoiosMatch15.4\(3\)sn1a
ORciscoiosMatch15.5\(1\)sn
ORciscoiosMatch15.5\(1\)sn1
ORciscoiosMatch15.5\(2\)sn
ORciscoiosMatch15.5\(3\)sn0a
ORciscoiosMatch15.5\(3\)sn
ORciscoiosMatch15.6\(1\)s
ORciscoiosMatch15.6\(2\)s
ORciscoiosMatch15.6\(2\)s1
ORciscoiosMatch15.6\(1\)s1
ORciscoiosMatch15.6\(1\)s2
ORciscoiosMatch15.6\(2\)s0a
ORciscoiosMatch15.6\(2\)s2
ORciscoiosMatch15.6\(1\)s3
ORciscoiosMatch15.6\(1\)t
ORciscoiosMatch15.6\(2\)t
ORciscoiosMatch15.6\(1\)t0a
ORciscoiosMatch15.6\(1\)t1
ORciscoiosMatch15.6\(2\)t1
ORciscoiosMatch15.6\(1\)t2
ORciscoiosMatch15.6\(2\)t2
ORciscoiosMatch15.6\(1\)t3
ORciscoiosMatch15.6\(2\)sp
ORciscoiosMatch15.6\(2\)sp1
ORciscoiosMatch15.6\(1\)sn
ORciscoiosMatch15.6\(1\)sn1
ORciscoiosMatch15.6\(2\)sn
ORciscoiosMatch15.6\(1\)sn2
ORciscoiosMatch15.6\(1\)sn3
ORciscoiosMatch15.6\(3\)sn
ORciscoiosMatch15.6\(4\)sn
ORciscoiosMatch15.6\(5\)sn
ORciscoiosMatch15.6\(6\)sn
ORciscoiosMatch15.6\(7\)sn
ORciscoiosMatch15.6\(7\)sn1
ORciscoiosMatch15.6\(7\)sn2
ORciscoiosMatch15.6\(7\)sn3
ORciscoiosMatch15.6\(3\)m
ORciscoiosMatch15.6\(3\)m1
ORciscoiosMatch15.6\(3\)m0a
ORciscoiosMatch15.6\(3\)m1a
ORciscorvs4000_softwareMatch3.10.4s
ORciscorvs4000_softwareMatch3.10.1xcs
ORciscorvs4000_softwareMatch3.12.0s
ORciscorvs4000_softwareMatch3.12.1s
ORciscorvs4000_softwareMatch3.12.2s
ORciscorvs4000_softwareMatch3.12.3s
ORciscorvs4000_softwareMatch3.12.0as
ORciscorvs4000_softwareMatch3.12.4s
ORciscorvs4000_softwareMatch3.13.0s
ORciscorvs4000_softwareMatch3.13.1s
ORciscorvs4000_softwareMatch3.13.2s
ORciscorvs4000_softwareMatch3.13.3s
ORciscorvs4000_softwareMatch3.13.4s
ORciscorvs4000_softwareMatch3.13.5s
ORciscorvs4000_softwareMatch3.13.2as
ORciscorvs4000_softwareMatch3.13.6s
ORciscorvs4000_softwareMatch3.13.6as
ORciscorvs4000_softwareMatch3.14.0s
ORciscorvs4000_softwareMatch3.14.1s
ORciscorvs4000_softwareMatch3.14.2s
ORciscorvs4000_softwareMatch3.14.3s
ORciscorvs4000_softwareMatch3.14.4s
ORciscorvs4000_softwareMatch3.15.0s
ORciscorvs4000_softwareMatch3.15.1s
ORciscorvs4000_softwareMatch3.15.2s
ORciscorvs4000_softwareMatch3.15.3s
ORciscorvs4000_softwareMatch3.15.4s
ORciscorvs4000_softwareMatch3.7.0e
ORciscorvs4000_softwareMatch3.7.1e
ORciscorvs4000_softwareMatch3.7.2e
ORciscorvs4000_softwareMatch3.7.3e
ORciscorvs4000_softwareMatch3.7.4e
ORciscorvs4000_softwareMatch3.7.5e
ORciscorvs4000_softwareMatch3.16.0s
ORciscorvs4000_softwareMatch3.16.1s
ORciscorvs4000_softwareMatch3.16.0as
ORciscorvs4000_softwareMatch3.16.1as
ORciscorvs4000_softwareMatch3.16.2s
ORciscorvs4000_softwareMatch3.16.2as
ORciscorvs4000_softwareMatch3.16.0bs
ORciscorvs4000_softwareMatch3.16.3s
ORciscorvs4000_softwareMatch3.16.3as
ORciscorvs4000_softwareMatch3.16.4s
ORciscorvs4000_softwareMatch3.16.4as
ORciscorvs4000_softwareMatch3.16.4bs
ORciscorvs4000_softwareMatch3.16.5s
ORciscorvs4000_softwareMatch3.16.4cs
ORciscorvs4000_softwareMatch3.16.5as
ORciscorvs4000_softwareMatch3.16.5bs
ORciscorvs4000_softwareMatch3.17.0s
ORciscorvs4000_softwareMatch3.17.1s
ORciscorvs4000_softwareMatch3.17.2s
ORciscorvs4000_softwareMatch3.17.3s
ORciscorvs4000_softwareMatch16.2.1
ORciscorvs4000_softwareMatch16.2.2
ORciscorvs4000_softwareMatch3.8.0e
ORciscorvs4000_softwareMatch3.8.1e
ORciscorvs4000_softwareMatch3.8.2e
ORciscorvs4000_softwareMatch3.8.3e
ORciscorvs4000_softwareMatch16.3.1
ORciscorvs4000_softwareMatch16.3.2
ORciscorvs4000_softwareMatch16.3.1a
ORciscorvs4000_softwareMatch16.4.1
ORciscorvs4000_softwareMatch3.18.0s
ORciscorvs4000_softwareMatch3.18.1s
ORciscorvs4000_softwareMatch3.18.2s
ORciscorvs4000_softwareMatch3.18.0sp
ORciscorvs4000_softwareMatch3.18.1sp
ORciscorvs4000_softwareMatch3.18.1gsp
ORciscorvs4000_softwareMatch3.18.1bsp
ORciscorvs4000_softwareMatch3.18.1csp
ORciscorvs4000_softwareMatch3.18.1hsp
ORciscorvs4000_softwareMatch3.18.1isp
ORciscorvs4000_softwareMatch3.9.0e
ORciscorvs4000_softwareMatch3.9.1e
Related
nvd
nvd
CVE-2017-3849
2017-03-21 16:59:00
cve
cve
CVE-2017-3849
2017-03-21 16:59:00
openvas
openvas
nessus
nessus
Cisco IOS ANI Registrar DoS (cisco-sa-20170320-ani)
2017-03-24 00:00:00
Cisco IOS XE ANI Registrar DoS (cisco-sa-20170320-ani)
2017-03-24 00:00:00
prion
prion
Input validation
2017-03-21 16:59:00
cvelist
cvelist
CVE-2017-3849
2017-03-21 16:00:00