PT-2017-2020 · Cisco · Cisco IOS +1

Published: 2017-03-20 · Updated: 2019-10-09 · CVE-2017-3850

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Cisco IOS Software versions 15.4 through 15.6
Cisco IOS XE Software versions 3.7 through 3.18, and 16

Description

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI, and the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload.

Recommendations

For Cisco IOS Software versions 15.4 through 15.6, update to a fixed version of the software. For Cisco IOS XE Software versions 3.7 through 3.18, and 16, update to a fixed version of the software. As a temporary workaround, consider restricting access to the IPv6 interface to minimize the risk of exploitation.

Note: Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2017-01187
CVE-2017-3850

Affected Products

Cisco IOS
Cisco IOS XE