Lucene search

[email protected]CVE-2017-3849

HistoryMar 21, 2017 - 4:59 p.m.

CVE-2017-3849

2017-03-2116:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2017-3849

denial of service

cisco

autonomic networking infrastructure

ani

registrar

vulnerability

dos

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717.

Affected configurations

NVD

Node

ciscoiosMatch15.2\(3\)e

ciscoiosMatch15.2\(3\)e1

ciscoiosMatch15.2\(3\)e2

ciscoiosMatch15.2\(3\)e3

ciscoiosMatch15.2\(4\)e

ciscoiosMatch15.2\(4\)e1

ciscoiosMatch15.2\(4\)e2

ciscoiosMatch15.2\(4\)e3

ciscoiosMatch15.2\(5\)e

ciscoiosMatch15.2\(5\)e1

ciscoiosMatch15.2\(5a\)e

ciscoiosMatch15.2\(5b\)e

ciscoiosMatch15.3\(3\)s

ciscoiosMatch15.3\(3\)s1

ciscoiosMatch15.3\(3\)s2

ciscoiosMatch15.3\(3\)s3

ciscoiosMatch15.3\(3\)s4

ciscoiosMatch15.3\(3\)s5

ciscoiosMatch15.3\(3\)s6

ciscoiosMatch15.3\(3\)s8

ciscoiosMatch15.3\(3\)s9

ciscoiosMatch15.4\(1\)s

ciscoiosMatch15.4\(1\)s1

ciscoiosMatch15.4\(1\)s2

ciscoiosMatch15.4\(1\)s3

ciscoiosMatch15.4\(1\)s4

ciscoiosMatch15.4\(2\)s1

ciscoiosMatch15.4\(2\)s2

ciscoiosMatch15.4\(2\)s3

ciscoiosMatch15.4\(2\)s4

ciscoiosMatch15.4\(3\)s

ciscoiosMatch15.4\(3\)s1

ciscoiosMatch15.4\(3\)s2

ciscoiosMatch15.4\(3\)s3

ciscoiosMatch15.4\(3\)s4

ciscoiosMatch15.4\(3\)s5

ciscoiosMatch15.4\(3\)s6

ciscoiosMatch15.4\(3\)s6a

ciscoiosMatch15.5\(1\)s

ciscoiosMatch15.5\(1\)s1

ciscoiosMatch15.5\(1\)s2

ciscoiosMatch15.5\(1\)s3

ciscoiosMatch15.5\(1\)s4

ciscoiosMatch15.5\(2\)s

ciscoiosMatch15.5\(2\)s1

ciscoiosMatch15.5\(2\)s2

ciscoiosMatch15.5\(2\)s3

ciscoiosMatch15.5\(2\)s4

ciscoiosMatch15.5\(3\)s

ciscoiosMatch15.5\(3\)s0a

ciscoiosMatch15.5\(3\)s1

ciscoiosMatch15.5\(3\)s1a

ciscoiosMatch15.5\(3\)s2

ciscoiosMatch15.5\(3\)s3

ciscoiosMatch15.5\(3\)s4

ciscoiosMatch15.5\(3\)s5

ciscoiosMatch15.5\(3\)sn

ciscoiosMatch15.6\(1\)s

ciscoiosMatch15.6\(1\)s1

ciscoiosMatch15.6\(1\)s2

ciscoiosMatch15.6\(1\)s3

ciscoiosMatch15.6\(1\)t

ciscoiosMatch15.6\(1\)t0a

ciscoiosMatch15.6\(1\)t1

ciscoiosMatch15.6\(1\)t2

ciscoiosMatch15.6\(2\)s

ciscoiosMatch15.6\(2\)s1

ciscoiosMatch15.6\(2\)s2

ciscoiosMatch15.6\(2\)sn

ciscoiosMatch15.6\(2\)sp

ciscoiosMatch15.6\(2\)sp1

ciscoiosMatch15.6\(2\)t

ciscoiosMatch15.6\(2\)t1

ciscoiosMatch15.6\(2\)t2

ciscoiosMatch15.6\(3\)m

ciscoiosMatch15.6\(3\)m0a

ciscoiosMatch15.6\(3\)m1

ciscoios_xeMatch3.7.0e

ciscoios_xeMatch3.7.1e

ciscoios_xeMatch3.7.2e

ciscoios_xeMatch3.7.3e

ciscoios_xeMatch3.7.4e

ciscoios_xeMatch3.7.5e

ciscoios_xeMatch3.8.0e

ciscoios_xeMatch3.8.1e

ciscoios_xeMatch3.8.2e

ciscoios_xeMatch3.8.3e

ciscoios_xeMatch3.9.0e

ciscoios_xeMatch3.9.1e

ciscoios_xeMatch3.10.0s

ciscoios_xeMatch3.10.1s

ciscoios_xeMatch3.10.1xbs

ciscoios_xeMatch3.10.2s

ciscoios_xeMatch3.10.2ts

ciscoios_xeMatch3.10.3s

ciscoios_xeMatch3.10.4s

ciscoios_xeMatch3.10.5s

ciscoios_xeMatch3.10.6s

ciscoios_xeMatch3.10.7s

ciscoios_xeMatch3.10.8as

ciscoios_xeMatch3.10.8s

ciscoios_xeMatch3.11.0s

ciscoios_xeMatch3.11.1s

ciscoios_xeMatch3.11.2s

ciscoios_xeMatch3.11.3s

ciscoios_xeMatch3.11.4s

ciscoios_xeMatch3.12.0as

ciscoios_xeMatch3.12.1s

ciscoios_xeMatch3.12.2s

ciscoios_xeMatch3.12.3s

ciscoios_xeMatch3.12.4s

ciscoios_xeMatch3.13.0as

ciscoios_xeMatch3.13.0s

ciscoios_xeMatch3.13.1s

ciscoios_xeMatch3.13.2as

ciscoios_xeMatch3.13.2s

ciscoios_xeMatch3.13.3s

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13.5as

ciscoios_xeMatch3.13.5s

ciscoios_xeMatch3.13.6as

ciscoios_xeMatch3.13.6s

ciscoios_xeMatch3.14.0s

ciscoios_xeMatch3.14.1s

ciscoios_xeMatch3.14.2s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.14.4s

ciscoios_xeMatch3.15.0s

ciscoios_xeMatch3.15.1cs

ciscoios_xeMatch3.15.1s

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.15.4s

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.1s

ciscoios_xeMatch3.16.2bs

ciscoios_xeMatch3.16.2s

ciscoios_xeMatch3.16.3as

ciscoios_xeMatch3.16.3s

ciscoios_xeMatch3.16.4as

ciscoios_xeMatch3.16.4bs

ciscoios_xeMatch3.16.4ds

ciscoios_xeMatch3.16.4s

ciscoios_xeMatch3.16.5s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.17.3s

ciscoios_xeMatch3.18.0as

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.0sp

ciscoios_xeMatch3.18.1asp

ciscoios_xeMatch3.18.1bsp

ciscoios_xeMatch3.18.1csp

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18.1sp

ciscoios_xeMatch3.18.2s

ciscoios_xeMatch3.18.3vs

CPENameOperatorVersion
cisco:ioscisco ioseq15.2\(3\)e
cisco:ioscisco ioseq15.2\(3\)e1
cisco:ioscisco ioseq15.2\(3\)e2
cisco:ioscisco ioseq15.2\(3\)e3
cisco:ioscisco ioseq15.2\(4\)e
cisco:ioscisco ioseq15.2\(4\)e1
cisco:ioscisco ioseq15.2\(4\)e2
cisco:ioscisco ioseq15.2\(4\)e3
cisco:ioscisco ioseq15.2\(5\)e
cisco:ioscisco ioseq15.2\(5\)e1

CPE	Name	Operator	Version
cisco:ios	cisco ios	eq	15.2\(3\)e
cisco:ios	cisco ios	eq	15.2\(3\)e1
cisco:ios	cisco ios	eq	15.2\(3\)e2
cisco:ios	cisco ios	eq	15.2\(3\)e3
cisco:ios	cisco ios	eq	15.2\(4\)e
cisco:ios	cisco ios	eq	15.2\(4\)e1
cisco:ios	cisco ios	eq	15.2\(4\)e2
cisco:ios	cisco ios	eq	15.2\(4\)e3
cisco:ios	cisco ios	eq	15.2\(5\)e
cisco:ios	cisco ios	eq	15.2\(5\)e1

Rows per page:

1-10 of 1611

CNA Affected

[
  {
    "product": "Cisco IOS and IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS and IOS XE"
      }
    ]
  }
]

References

www.securityfocus.com/bid/96972

www.securitytracker.com/id/1038064

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani

Social References

6.1 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

7.4 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for CVE-2017-3849

nessus2 prion1 cvelist1 nvd1 openvas2 cisco1