The Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software has multiple vulnerabilities which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or gain limited command and control of the device. Autonomic Networking Registration Authority Spoofing Vulnerability Autonomic Networking Infrastructure Spoofed Autonomic Networking Messages Denial of Service Vulnerability Autonomic Networking Infrastructure Device Reload Denial of Service Vulnerability Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ani Note: The March 25, 2015, Cisco IOS & XE Software Security Advisory bundled publication includes seven Cisco Security Advisories. The advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: Semiannual Cisco IOS & XE Software Security Advisory Bundled Publication at the following link: http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_mar15.html
Cisco provides a tool to help customers determine their exposure to vulnerabilities in Cisco IOS Software. The Cisco IOS Software Checker allows customers to perform the following tasks:
The tool identifies any Cisco Security Advisories that impact a queried software release and the earliest release that corrects all vulnerabilities in each Cisco Security Advisory ("First Fixed"). If applicable, the tool also returns the earliest possible release that corrects all vulnerabilities in all displayed advisories ("Combined First Fixed"). Please visit the Cisco IOS Software Checker or enter a Cisco IOS Software release in the following field to determine whether the release is affected by any published Cisco IOS Software advisory.
(Example entry: 15.1(4)M2)
Cisco IOS XE Software Release | First Fixed Release | First Fixed Release for All Advisories in the March 2015 Cisco IOS Software Security Advisory Bundled Publication |
---|---|---|
2.5.x | Not vulnerable |
Vulnerable; migrate to 3.12.3S or later. |
2.6.x | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.1.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.1.xSG | Not vulnerable | Not vulnerable |
3.2.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.2.xSE | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.2.xSG | Not vulnerable | Not vulnerable |
3.2.xXO | Not vulnerable | Not vulnerable |
3.2.xSQ | Not vulnerable | Not vulnerable |
3.3.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.3.xSE | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.3.xSG | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.3.xXO | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.3.xSQ | Not vulnerable | Not vulnerable |
3.4.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.4.xSG | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.4.xSQ | Not vulnerable | Not vulnerable |
3.5.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.5.xE | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.6.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.6.xE | Not vulnerable | Vulnerable; migrate to 3.7.1E or later. |
3.7.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.7.xE | Not vulnerable | 3.7.1E |
3.8.xS | Not vulnerable |
Vulnerable; migrate to 3.12.3S or later. |
3.9.xS | Not vulnerable | Vulnerable; migrate to 3.12.3S or later. |
3.10.xS | Vulnerable; migrate to 3.13.1S or later | Vulnerable; migrate to 3.12.3S or later. |
3.11.xS | Vulnerable; migrate to 3.13.1S or later | Vulnerable; migrate to 3.12.3S or later. |
3.12.xS | Vulnerable; migrate to 3.13.1S or later | Vulnerable; migrate to 3.12.3S or later. |
3.13.xS | 3.13.1S |
3.13.2S |
3.14.xS |
Not vulnerable |
Not vulnerable |
3.15.xS |
Not vulnerable | Not vulnerable |
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Version | Description | Section | Status | Date |
---|---|---|---|---|
1.2 | Updated Cisco IOS Checker Software Checker form to query all previously published Cisco IOS Software Security Advisories. | 2016-January-14 | ||
1.1 | Updated the First Fixed Release for All Advisories in the March 2015 Cisco IOS Software Security Advisory Bundled Publication table. | 2015-March-25 |
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.