HomePentest-Tools.com Logo

Cisco IOS XE Software IPv6 Denial of Service Vulnerability CVE-2017-3850

CVSSv3 Score
Vulnerability description

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

Risk description

The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: - The device must be running a version of Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured) - The device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload.


See the referenced vendor advisory for a solution.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Mar 21, 2017
Detection added at
Software Type
Not available
Not available
Not available