CVE-2015-0669

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 15.4S through 15.4(3)S

Description The issue allows remote attackers to modify configuration settings or cause a partial denial of service by sending crafted Autonomic Networking messages on an intranet network. This is due to insufficient validation of received Autonomic Networking messages. An attacker could exploit this by sending crafted messages, potentially overwriting sensitive configuration and causing a partial denial of service condition. The vulnerability can be exploited by accessing trusted, internal networks behind a firewall to send crafted messages to the targeted device.

Recommendations For Cisco IOS versions 15.4S through 15.4(3)S, update to a fixed software version to resolve the issue. As a temporary workaround, consider restricting access to the Autonomic Networking Infrastructure feature until a patch is available.