Main Vulnerability Database Vulnerabilities #VU6158

Denial of service in Cisco IOS and Cisco IOS XE - CVE-2017-3849

Published: March 22, 2017

Vulnerability identifier: #VU6158

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-3849

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco IOS
Cisco IOS XE

Detailed vulnerability description

The vulnerability allows an unauthenticated, adjacent attacker to cause DoS conditions.

The vulnerability exists in Autonomic Networking Infrastructure (ANI) registrar feature due to incomplete input validation. An attacker can send a specially crafted autonomic network channel discovery packet and cause the affected device to reload.

Successful exploitation of the vulnerability results in denial of service on the vulnerable device.

How to mitigate CVE-2017-3849

Install update from vendor's website.

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani

Denial of service in Cisco IOS and Cisco IOS XE - CVE-2017-3849

Detailed vulnerability description

How to mitigate CVE-2017-3849

Sources

Please verify you're human