CVE-2014-3290

Name of the Vulnerable Software and Affected Versions Cisco IOS XE version 3.12S

Description The issue arises from the mDNS implementation not properly interacting with autonomic networking. This allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response. An attacker could exploit this by capturing data on the segment or sending crafted mDNS responses. Although the attacker does not need to authenticate to the targeted device, they must have access to the same collision or broadcast domain of the device to attempt an exploit.

Recommendations For Cisco IOS XE version 3.12S, update to a newer version that includes the fix for this issue, as confirmed by Cisco in their security notice. As a temporary workaround, consider restricting access to the mDNS service to minimize the risk of exploitation.