====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN118
_____________________________________________________________________

DATE                : 20/04/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco IOS, Cisco IOS XE.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
____________________________________________________________________

Cisco Security Advisory: Cisco IOS and IOS XE Software EnergyWise

Denial of Service Vulnerabilities

Advisory ID: cisco-sa-20170419-energywise

Revision: 1.0

For Public Release: 2017 April 19 16:00 GMT

Last Updated: 2017 April 19 16:00 GMT

CVE ID(s): CVE-2017-3860, CVE-2017-3861, CVE-2017-3862, CVE-2017-3863

CVSS Score v(3): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
Multiple vulnerabilities in the EnergyWise module of Cisco IOS and
Cisco IOS XE Software could allow an unauthenticated, remote attacker
to cause a buffer overflow condition or a reload of an affected device,
leading to a denial of service (DoS) condition.

These vulnerabilities are due to improper parsing of crafted EnergyWise
packets destined to an affected device. An attacker could exploit these
vulnerabilities by sending crafted EnergyWise packets to be processed
by an affected device. An exploit could allow the attacker to cause a
buffer overflow condition or a reload of the affected device, leading
to a DoS condition.

Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================