#VU6158 Denial of service in Cisco IOS and Cisco IOS XE - CVE-2017-3849

Vulnerability identifier: #VU6158

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-3849

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Cisco IOS
Cisco IOS XE

Software vendor:
Cisco Systems, Inc

The vulnerability allows an unauthenticated, adjacent attacker to cause DoS conditions.

The vulnerability exists in Autonomic Networking Infrastructure (ANI) registrar feature due to incomplete input validation. An attacker can send a specially crafted autonomic network channel discovery packet and cause the affected device to reload.

Successful exploitation of the vulnerability results in denial of service on the vulnerable device.

Install update from vendor's website.

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani