Strix
26.1K

CVE-2015-0635

UnknownEPSS 2.13%

Last modified

CVE-2015-0635 is a vulnerability of currently unknown severity. The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.. EPSS estimates a 2.13% chance of exploitation in the next 30 days.

Description

The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.

Metrics

EPSS Probability
2.13%

79.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoIos Xe3.10s.0
CiscoIos Xe3.10s.1
CiscoIos Xe3.10s.2
CiscoIos Xe3.10s.3
CiscoIos Xe3.10s.4
CiscoIos Xe3.10s.5
CiscoIos Xe3.11s.0
CiscoIos Xe3.11s.1
CiscoIos Xe3.11s.2
CiscoIos Xe3.11s.3
CiscoIos Xe3.12s.0
CiscoIos Xe3.12s.1
CiscoIos Xe3.12s.2
CiscoIos Xe3.13s.0
CiscoIos12.2\(33\)ird1
CiscoIos12.2\(33\)ire3
CiscoIos12.2\(33\)sxi4b
CiscoIos12.2\(44\)sq1
CiscoIos12.4\(25e\)jam1
CiscoIos12.4\(25e\)jap1m
CiscoIos12.4\(25e\)jaz1
CiscoIos15.0\(2\)ed1
CiscoIos15.2\(1\)ex
CiscoIos15.2\(2\)jb1
CiscoIos15.3\(2\)s2
CiscoIos15.3\(3\)ja1n
CiscoIos15.3\(3\)jab1
CiscoIos15.3\(3\)jn
CiscoIos15.3\(3\)jnb
CiscoIos15.3\(3\)s
CiscoIos15.3\(3\)s1
CiscoIos15.3\(3\)s2
CiscoIos15.3\(3\)s3
CiscoIos15.3\(3\)s4
CiscoIos15.3\(3\)s5
CiscoIos15.4\(1\)s
CiscoIos15.4\(1\)s1
CiscoIos15.4\(1\)s2
CiscoIos15.4\(1\)s3
CiscoIos15.4\(2\)s
CiscoIos15.4\(2\)s1
CiscoIos15.4\(2\)s2
CiscoIos15.4\(3\)s

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-0635?
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.
How severe is CVE-2015-0635?
Severity scoring for CVE-2015-0635 is pending analysis. The EPSS model estimates a 2.13% probability of exploitation in the next 30 days.
How do I fix CVE-2015-0635?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-0635?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST