CVE-2015-0637

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 Cisco IOS XE versions 3.10.xS through 3.13.xS before 3.13.1S

Description The Autonomic Networking Infrastructure (ANI) implementation allows remote attackers to cause a denial of service (device reload) via spoofed AN messages. This issue could also allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device.

Recommendations For Cisco IOS versions 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4, update to a version that includes the fix for this issue. For Cisco IOS XE versions 3.10.xS through 3.13.xS, update to version 3.13.1S or later. As a temporary workaround, consider disabling the ANI feature until a patch is available. Restrict access to the ANI interface to minimize the risk of exploitation.