CVE-2015-0637Improper Input Validation in Cisco IOS

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 26
Latest updateMay 17

Description

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios28 versions+27
NVDcisco/ios_xe13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-x5w5-ffp9-f388: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 122022-05-17
CVEList
CVE-2015-0637: The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 122015-03-26

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco IOS Software and IOS XE Software Autonomic Networking Infrastructure2015-03-25
CVE-2015-0637 — Improper Input Validation in Cisco IOS | cvebase