PT-2017-2628 · Cisco · Cisco IOS XE
Published 2017-07-26 · Updated 2019-10-03 · CVE-2017-6664
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco IOS XE Software versions 15.5(1)S3.1 through 16.2.1
Description
A vulnerability in the Autonomic Networking feature could allow an unauthenticated, remote autonomic node to access the Autonomic Networking infrastructure after that node's certificate has been revoked. The issue is inadequate access control in the Autonomic Networking component: the affected software does not transfer certificate revocation lists (CRLs) across Autonomic Control Plane (ACP) channels, so a peer validating a joining node's certificate has no revocation information to consult and accepts the certificate on its CA signature and validity period alone. An attacker could exploit this by connecting an autonomic node that holds a known, revoked certificate to the autonomic domain of an affected system, re-inserting a previously trusted node into the domain after its certificate has been revoked.
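The failure mode described above, as an added example that is not Cisco's code and is not part of the original advisory: a Python model in which a CA-signed node certificate is checked by an ACP peer that never receives the domain CRL (the vulnerable behaviour) and by a hardened peer that requires a fresh, CA-signed CRL and fails closed when none is available. The `NodeCert`, `CRL`, `accept_peer_vulnerable`, `accept_peer_fixed` and `scenario` names, the HMAC stand-in for the CA's X.509 signature, the node names and the clock value are constructed assumptions for illustration, not Cisco identifiers or behaviour.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the domain CA's signing key; real ANI certificates
# are X.509 and signed with the registrar CA's private key.
CA_KEY = b"constructed-domain-ca-key"


def _sign(body: dict) -> str:
    """Deterministic 'CA signature' over a canonical JSON encoding of body."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CA_KEY, data, hashlib.sha256).hexdigest()


def _signature_valid(body: dict, signature: str) -> bool:
    return hmac.compare_digest(_sign(body), signature)


@dataclass(frozen=True)
class NodeCert:
    """Minimal model of an autonomic node's domain certificate (constructed)."""
    serial: int
    subject: str
    not_before: int
    not_after: int
    signature: str

    @classmethod
    def issue(cls, serial: int, subject: str, not_before: int, not_after: int) -> "NodeCert":
        body = dict(serial=serial, subject=subject, not_before=not_before, not_after=not_after)
        return cls(**body, signature=_sign(body))

    def body(self) -> dict:
        return dict(serial=self.serial, subject=self.subject,
                    not_before=self.not_before, not_after=self.not_after)


@dataclass(frozen=True)
class CRL:
    """Minimal model of the domain CRL the registrar publishes (constructed)."""
    this_update: int
    next_update: int
    revoked: frozenset
    signature: str

    @classmethod
    def issue(cls, this_update: int, next_update: int, revoked) -> "CRL":
        revoked = frozenset(revoked)
        body = dict(this_update=this_update, next_update=next_update, revoked=sorted(revoked))
        return cls(this_update, next_update, revoked, _sign(body))

    def body(self) -> dict:
        return dict(this_update=self.this_update, next_update=self.next_update,
                    revoked=sorted(self.revoked))


def accept_peer_vulnerable(cert: NodeCert, now: int) -> bool:
    """The flawed check: CA signature and validity window only. No CRL is ever
    transferred across the ACP channel, so revocation is never consulted and a
    revoked-but-unexpired certificate is still accepted (fail-open)."""
    return _signature_valid(cert.body(), cert.signature) and cert.not_before <= now <= cert.not_after


def accept_peer_fixed(cert: NodeCert, now: int, crl: Optional[CRL]) -> bool:
    """Hardened check: the same signature/validity tests, plus a CA-signed CRL
    that must be present and inside its own validity window. A missing or
    stale CRL is a failure (fail-closed), not evidence that nothing is revoked."""
    if not (_signature_valid(cert.body(), cert.signature)
            and cert.not_before <= now <= cert.not_after):
        return False
    if crl is None or not _signature_valid(crl.body(), crl.signature):
        return False
    if not (crl.this_update <= now <= crl.next_update):
        return False
    return cert.serial not in crl.revoked


def scenario() -> dict:
    """Constructed join attempts, including a node whose certificate the
    registrar revoked. Returns each check's decision so the gap is explicit."""
    now = 1_500_000_000  # constructed clock value (seconds)
    good = NodeCert.issue(1, "node-a.example", now - 100, now + 1_000_000)
    removed = NodeCert.issue(2, "node-b.example", now - 100, now + 1_000_000)
    crl = CRL.issue(now - 10, now + 3600, {removed.serial})          # fresh CRL, node-b revoked
    stale_crl = CRL.issue(now - 10_000, now - 5_000, {removed.serial})  # next_update already passed
    tampered = NodeCert(serial=3, subject="node-c.example",            # body edited after signing
                        not_before=good.not_before, not_after=good.not_after,
                        signature=good.signature)
    return {
        "good_vulnerable": accept_peer_vulnerable(good, now),
        "revoked_vulnerable": accept_peer_vulnerable(removed, now),  # True: the vulnerability
        "good_fixed": accept_peer_fixed(good, now, crl),
        "revoked_fixed": accept_peer_fixed(removed, now, crl),
        "good_no_crl_fixed": accept_peer_fixed(good, now, None),
        "good_stale_crl_fixed": accept_peer_fixed(good, now, stale_crl),
        "tampered_vulnerable": accept_peer_vulnerable(tampered, now),
        "tampered_fixed": accept_peer_fixed(tampered, now, crl),
    }


if __name__ == "__main__":
    for name, decision in scenario().items():
        print(f"{name:24s} -> {'accept' if decision else 'reject'}")
```

The point to take from the model: at validation time, "no CRL available" is indistinguishable from "nothing revoked" unless the validator treats the absence as an error. A peer that only ever sees the certificate and the CA signature, and never the revocation data, has exactly the vulnerable decision logic regardless of how carefully the registrar maintains its CRL.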
Recommendations
For Cisco IOS XE Software versions 15.5(1)S3.1 through 16.2.1, restrict access to the Autonomic Networking infrastructure until a fixed release can be deployed: keep autonomic adjacency limited to the links that actually need it and make sure the autonomic domain is not reachable from untrusted network segments. Note that revoking a node's certificate does not by itself keep that node out, because the revocation is never transferred across the ACP channels and the affected peers will not reject it; keeping a node with a revoked certificate off the domain therefore has to be done outside the affected software (by isolating the removed node physically or at the network level), and the domain should be monitored for rejoins by nodes whose certificates have been revoked. There are no workarounds that fully address this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Type
Improper Certificate Validation (CWE-295)
Related Identifiers
CVE-2017-6664
Affected Products
Cisco IOS XE