CVE-2017-3849 — Improper Input Validation in Cisco IOS
Severity
7.4HIGHNVD
EPSS
0.1%
top 68.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 21
Latest updateMay 17
Description
A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device tha…
CVSS vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0
Affected Packages2 packages
🔴Vulnerability Details
2GHSA▶
GHSA-3h7c-9m67-pxx8: A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15↗2022-05-17
CVEList▶
CVE-2017-3849: A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15↗2017-03-21
📋Vendor Advisories
1Cisco▶
Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Registrar Denial of Service Vulnerability↗2017-03-20