CVE-2014-3405

Name of the Vulnerable Software and Affected Versions Cisco IOS XE (affected versions not specified)

Description The issue allows remote attackers to conduct route-injection attacks via crafted RPL advertisements on an ANI interface. This is due to the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) being active on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces. An attacker could exploit this by sending crafted RPL advertisements to the ANI device. The attacker must be on the same broadcast or collision domain as the targeted device to exploit this issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.