Cisco patches IOS to stop automation exploitation
Cisco’s turned up vulnerabilities in automation software that open the door to denial-of-service and limited access to devices.
The company’s Autonomic Network Infrastructure (ANI) feature in IOS provides self-management for various IPv6-supporting routers and Ethernet switches.
One of the ANI features is to remove the need for pre-staging in network bootstrap, allowing devices join a network on start, so they can be configured over the network rather than through a local port.
The three vulnerabilities exploit this in various ways:
Devices running Cisco IOS and IOS XE, with ANI enabled, are vulnerable. Cisco has released patches for the vulnerable systems listed in its advisory, here. ®
Sponsored:
Designing and building an open ITOA architecture
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/03/26/automatic_attacks_cisco_patches_ios_vulns/