CVE-2015-0635
Cisco IOS and IOS XE - Denial of Service via Spoofed ANRA Responses
Title source: llmDescription
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031982
Scores
EPSS
0.0211
EPSS Percentile
79.6%
Details
CWE
CWE-20
Status
published
Products (43)
cisco/ios
12.2\(33\)ird1
cisco/ios
12.2\(33\)ire3
cisco/ios
12.2\(33\)sxi4b
cisco/ios
12.2\(44\)sq1
cisco/ios
12.4\(25e\)jam1
cisco/ios
12.4\(25e\)jap1m
cisco/ios
12.4\(25e\)jaz1
cisco/ios
15.0\(2\)ed1
cisco/ios
15.2\(1\)ex
cisco/ios
15.2\(2\)jb1
... and 33 more
Published
Mar 26, 2015
Tracked Since
Feb 18, 2026