CVE-2015-0635Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
9.0CRITICALNVD
EPSS
0.3%
top 51.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 26
Latest updateMay 17

Description

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.

CVSS vector

AV:N/AC:L/C:P/I:P/A:CExploitability: 10.0 | Impact: 8.5

Affected Packages2 packages

NVDcisco/ios29 versions+28
NVDcisco/ios_xe14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-p9jh-j6cv-6pph: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 122022-05-17
CVEList
CVE-2015-0635: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 122015-03-26

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure2015-03-25
CVE-2015-0635 — Improper Input Validation in Cisco IOS | cvebase