CVE-2017-3862

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 and 15.0 through 15.6 Cisco IOS XE versions 3.2 through 3.18

Description Multiple vulnerabilities in the EnergyWise module could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. The vulnerabilities can only be triggered by IPv4 packets destined to a device configured as an EnergyWise domain member, and not by IPv6 packets.

Recommendations For Cisco IOS versions 12.2 and 15.0 through 15.6, update to a version that includes the software updates released by Cisco to address these vulnerabilities. For Cisco IOS XE versions 3.2 through 3.18, update to a version that includes the software updates released by Cisco to address these vulnerabilities. As a temporary workaround, consider restricting access to the EnergyWise module until a patch is available. Avoid using the EnergyWise module to minimize the risk of exploitation until the issue is resolved.