CVE-2017-3860

Name of the Vulnerable Software and Affected Versions Cisco IOS versions 12.2 and 15.0 through 15.6 Cisco IOS XE versions 3.2 through 3.18

Description The issue is caused by improper parsing of crafted EnergyWise packets destined to an affected device, which could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. The vulnerabilities can be triggered by sending crafted EnergyWise packets to be processed by an affected device. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities, as IPv6 packets cannot be used to exploit them.

Recommendations For Cisco IOS versions 12.2 and 15.0 through 15.6, update to a fixed version of Cisco IOS Software. For Cisco IOS XE versions 3.2 through 3.18, update to a fixed version of Cisco IOS XE Software. As a temporary workaround, consider restricting access to the EnergyWise module to minimize the risk of exploitation.