—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability

Advisory ID: cisco-sa-20170726-aniacp

Revision: 1.0

For Public Release: 2017 July 26 16:00 GMT

Last Updated: 2017 July 26 16:00 GMT

CVE ID(s): CVE-2017-6665

CVSS Score v(3): 7.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to reset the Autonomic Control Plane (ACP) of an affected system and view ACP packets that are transferred in clear text within an affected system.

The vulnerability is due to unknown reasons. An attacker could exploit this vulnerability by capturing and replaying ACP packets that are transferred within an affected system. A successful exploit could allow the attacker to reset the ACP of an affected system, resulting in a denial of service (DoS) condition. A successful exploit could also allow the attacker to capture and view ACP packets, which should have been encrypted over the ACP, in clear text.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-aniacp”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZeL4GZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmjZg/8CfF+LtY0eMiEdxSG
vCRk9D6DKrl8XTEnYrXiU6ZKaptFnD9ThjjEnGhcXXHafI0zYHWN8g7/YoVgPkTj
aDGT5/RPNzvv3NHe+6iv1adPJFJ2CFIRI5LlS+tSzx9fX3yMhpbCWMs5miBoUKWY
ipy98idswDdNAM8qwVUoHIo1d+WFozO7jEGsTIzw8jhmpXQi9NCtEF0KpPwGSKtU
Yqk/zMNpNcQFV2abhU3SnaaGld016i1uEmyVi5MlbhpV7a/j2PRoRQ3uGTYd/dE+
dWbLo6XyZItFNQHoFNygT1nNh0Hr6tjSMGiwMSqvZZlcB+27upY6+FJSfZ9sUh7D
Ov9nXuK1v02wjkro2e9zN+4jJabaLGKD1OyUHRkEItQw1U834o5EBKkg0XLupSq8
6GMOOxPkJOc2Neg1gkdNPYuCKcMorYZf9vKn++HL2P/v5vpDWRdc116T3X/dexim
0+6jiPCWDep8IcDGFURc3URO8ORKu9lhA4y9SGS6cGE9vj96kVlWHI+LsabDmlRm
vp2ewD7ERo0TqJpgyq2M940xlGw2fSBKQf3qbBgm0gCh7sDY05S2sul9CNvTFoAC
riRcR/Q4Qyzu8Nq80b1LIfy+5Lou92b5NEBiRC8N64cLnIxO0oEXS5wPZmNp0oWV
dXuy47Oyg8BBbxVZpUrzX81YSFA=
=WGH4
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com