Orbit

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability

Advisory ID: cisco-sa-20170320-aniipv6

Revision: 1.0

For Public Release: 2017 March 20 16:00 GMT

Last Updated: 2017 March 20 16:00 GMT

CVE ID(s): CVE-2017-3850

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary ======= A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature.

A device must meet two conditions to be affected by this vulnerability:

The device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured) The device must have a reachable IPv6 interface An exploit could allow the attacker to cause the affected device to reload.

Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-... ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-..."]

Note: Also see the companion advisory for affected devices that are configured as an autonomic registrar: Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-..."].