Detections
Analytics
Cisco ANI Configuration Overwrite DoS (CSCup62167)
medium Nessus Plugin ID 83782
Language:
Synopsis
The remote device is affected by a denial of service vulnerability.Description
The remote Cisco device is affected by a vulnerability in the Autonomic Networking Infrastructure (ANI) due to insufficient validation of received Autonomic Networking (AN) messages. A remote, unauthenticated attacker, by sending specially crafted AN messages, can exploit this to overwrite configuration settings, resulting in a denial of service condition in a limited set of router services.Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCup62167.See Also
https://tools.cisco.com/security/center/viewAlert.x?alertId=37935
Plugin Details
Severity: Medium
ID: 83782
File Name: cisco-sn-CVE-2015-0669-ios.nasl
Version: 1.11
Type: combined
Family: CISCO
Published: 5/22/2015
Updated: 12/1/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.7
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P
CVSS Score Source: CVE-2015-0669
Vulnerability Information
CPE: cpe:/o:cisco:ios
Required KB Items: Host/Cisco/IOS/Version
Exploit Ease: No known exploits are available
Patch Publication Date: 3/19/2015
Vulnerability Publication Date: 3/19/2015
Reference Information
CVE: CVE-2015-0669
BID: 73245
CISCO-BUG-ID: CSCup62167