CVE-2017-3861

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 and 15.0 through 15.6 Cisco IOS XE versions 3.2 through 3.18

Description Multiple vulnerabilities in the EnergyWise module could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. The vulnerabilities can only be triggered by IPv4 packets destined to a device configured as an EnergyWise domain member, and not by IPv6 packets.

Recommendations For Cisco IOS versions 12.2 and 15.0 through 15.6, update to a fixed software version. For Cisco IOS XE versions 3.2 through 3.18, update to a fixed software version. As a temporary workaround, consider restricting access to the EnergyWise module until a patch is available. Note: Cisco has released software updates that address these vulnerabilities, and there are no workarounds that address these vulnerabilities.