CVE-2017-3850: Improper Input Validation in Cisco IOS

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.4% (top 39.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 21
Latest update: May 13

Description

A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software re

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/ios, 62 versions
NVD: cisco/ios_xe, 81 versions

🔴 Vulnerability Details (2)

GHSA (2022-05-13)
GHSA-jhqw-56w5-968x: A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15

CVEList (2017-03-21)
CVE-2017-3850: A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15

📋 Vendor Advisories (2)

Cisco (2017-09-27)
Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability

Cisco (2017-03-20)
Cisco IOS and IOS XE Software IPv6 Denial of Service Vulnerability
CVE-2017-3850 — Improper Input Validation in Cisco IOS | cvebase