CVE-2015-0636Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 26
Latest updateMay 17

Description

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine, aka Bug ID CSCup62293.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios23 versions+22
NVDcisco/ios_xe6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-3p62-3xx8-qq46: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 122022-05-17
CVEList
CVE-2015-0636: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 122015-03-26

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure2015-03-25
CVE-2015-0636 — Improper Input Validation in Cisco IOS | cvebase