Cisco IOS XE Software IPv6 Denial of Service Vulnerability CVE-2017-3850
- CVSSv3 Score
- Vulnerability description
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
- Risk description
The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: - The device must be running a version of Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured) - The device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload.
See the referenced vendor advisory for a solution.
- Not available