CVE-2015-0635

Cisco IOS and IOS XE - Denial of Service via Spoofed ANRA Responses

Title source: llm
STIX 2.1

Description

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031982

Scores

EPSS 0.0211
EPSS Percentile 79.6%

Details

CWE
CWE-20
Status published
Products (43)
cisco/ios 12.2\(33\)ird1
cisco/ios 12.2\(33\)ire3
cisco/ios 12.2\(33\)sxi4b
cisco/ios 12.2\(44\)sq1
cisco/ios 12.4\(25e\)jam1
cisco/ios 12.4\(25e\)jap1m
cisco/ios 12.4\(25e\)jaz1
cisco/ios 15.0\(2\)ed1
cisco/ios 15.2\(1\)ex
cisco/ios 15.2\(2\)jb1
... and 33 more
Published Mar 26, 2015
Tracked Since Feb 18, 2026