漏洞标题
N/A
漏洞描述信息
Cisco IOS软件(15.4 through 15.6)和Cisco IOS XE软件(3.7 through 3.18,和16)的自主网络基础设施(ANI)功能的一个漏洞可能导致无验证的远程攻击者造成服务拒绝(DoS)情况。该漏洞是由于某些精心构造的 packets 的输入验证不完全。攻击者可以通过向运行支持ANI功能的Cisco IOS软件或Cisco IOS XE软件发布的设备发送精心构造的IPv6 packets来利用此漏洞。受影响的设备必须满足两个条件:(1)设备必须运行支持ANI功能的Cisco IOS软件或Cisco IOS XE软件版本( regardless of whether ANI is configured); and (2)设备必须有一个可到达的IPv6接口。漏洞利用可能导致攻击者使受影响的设备重新加载。Cisco bug ID: CSCvc42729。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software (15.4 through 15.6) and Cisco IOS XE Software (3.7 through 3.18, and 16) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted IPv6 packet to a device that is running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature. A device must meet two conditions to be affected by this vulnerability: (1) the device must be running a version of Cisco IOS Software or Cisco IOS XE Software that supports ANI (regardless of whether ANI is configured); and (2) the device must have a reachable IPv6 interface. An exploit could allow the attacker to cause the affected device to reload. Cisco Bug IDs: CSCvc42729.
CVSS信息
N/A
漏洞类别
输入验证不恰当
漏洞标题
Cisco IOS和IOS XE Software 安全漏洞
漏洞描述信息
Cisco IOS和IOS XE Software都是美国思科(Cisco)公司为其网络设备开发的操作系统。 Cisco IOS和IOS XE Software中的Autonomic Networking Infrastructure (ANI)功能存在拒绝服务漏洞,该漏洞源于程序没有充分过滤数据包。远程攻击者可通过发送特制的IPv6报文利用该漏洞造成拒绝服务。
CVSS信息
N/A
漏洞类别
输入验证错误