On March 25, Cisco announced a security advisory for a vulnerability in the Autonomic Networking Infrastructure (ANI) feature of Cisco IOS Software and IOS XE Software. This vulnerability could allow an unauthenticated, remote attacker to spoof an Autonomic Networking Registration Authority (ANRA) response. This vulnerability is documented in Cisco bug ID CSCup62191 and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-0635 . The Common Vulnerability Scoring System (CVSS) temporal score for this vulnerability is 7.0.

 

The April 2015 edition of SteelCentral NetAuditor Advisory Service update is now available for versions 18.0.0, 18.0.1, 18.0.2, and 18.0.3. This update includes a security advisory rule for identifying devices affected by this vulnerability.

  • New Security Advisory Rule
    • IOS and IOS XE Software Autonomic Networking Infrastructure Vulnerabilities (cisco-sa-20150325-ani)

 

You can download this update directly from NetAuditor by:

  • Manually selecting NetDoctor / Advisories / Download Now, or
  • Adding an automation step to download new update.
    • See user guide section: "Modules / NetDoctor / SteelCentral NetAuditor Advisory Service".

 

You can also download the patch installer from the SAS Website (requires login).

 

Please contact Riverbed Technical Support with your questions/comments.