STE WILLIAMS

Cisco’s turned up vulnerabilities in automation software that open the door to denial-of-service and limited access to devices.

The company’s Autonomic Network Infrastructure (ANI) feature in IOS provides self-management for various IPv6-supporting routers and Ethernet switches.

One of the ANI features is to remove the need for pre-staging in network bootstrap, allowing devices join a network on start, so they can be configured over the network rather than through a local port.

The three vulnerabilities exploit this in various ways:

Devices running Cisco IOS and IOS XE, with ANI enabled, are vulnerable. Cisco has released patches for the vulnerable systems listed in its advisory, here. ®

Sponsored:
Designing and building an open ITOA architecture

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/03/26/automatic_attacks_cisco_patches_ios_vulns/