CVE-2015-0636

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 Cisco IOS XE versions 3.10.xS through 3.13.xS before 3.13.1S

Description The Autonomic Networking Infrastructure (ANI) implementation allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine. This issue could also allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.10.xS through 3.13.xS, update to version 3.13.1S or later to resolve the issue. As a temporary workaround, consider restricting access to the ANI feature to minimize the risk of exploitation.