What Is Cisco IOS Autonomic Networking?
Cisco Autonomic Networking (AN) is a feature in IOS and IOS XE that enables self-managing network behavior — devices can automatically discover peers, establish secure channels, and configure themselves without manual intervention. Autonomic Networking communicates with directly connected peers, so it is reachable from the adjacent network (CVSS attack vector AV:A). CVE-2017-6663 affects the Autonomic Networking subsystem and allows an adjacent-network attacker to crash autonomic nodes by sending crafted packets.
Overview
CVE-2017-6663 is a denial-of-service vulnerability in the Autonomic Networking feature of Cisco IOS and IOS XE. An unauthenticated attacker on the adjacent network (Layer 2 or directly connected) can send crafted packets that cause autonomic nodes to reload, disrupting autonomic networking functions. The AV:A (adjacent) attack vector limits network-wide impact but still lets LAN-segment attackers (internal users, compromised adjacent devices) crash network devices. The flaw was patched in cisco-sa-20170802-ana (August 2017). CISA added CVE-2017-6663 to the KEV catalog in March 2022.
Affected Versions
Cisco IOS and IOS XE software on devices with the Autonomic Networking feature enabled. Devices without Autonomic Networking configured are not affected. Use cisco-sa-20170802-ana for specific version identification.
Technical Details
Root Cause: Improper Input Validation in Autonomic Networking
CVE-2017-6663 is an improper input validation vulnerability (CWE-20) in the Autonomic Networking subsystem. The autonomic node process fails to properly validate certain incoming packets from adjacent network devices, causing the process to crash and trigger a device reload when a crafted packet is received.
| Attribute | Detail |
|---|---|
| Attack Vector | Adjacent network — Layer 2 or directly connected |
| Authentication | None required |
| Prerequisite | Autonomic Networking must be enabled on the device |
| Impact | Autonomic node reload (DoS) |
Exploitation Context
- Internal network risk: The AV:A restriction limits remote exploitation but allows any user on the same LAN segment — a compromised internal host, a rogue device, or an insider — to crash adjacent network infrastructure
- Insider threat relevance: LAN-reachable DoS against network infrastructure is a relevant insider threat scenario; disabling a core switch or router from the internal network can disrupt business operations
- CISA KEV (2022): Added March 3, 2022 as part of the Cisco IOS advisory batch addressing nation-state interest in Cisco infrastructure vulnerabilities
Remediation
- Apply Cisco IOS security update — upgrade to IOS/IOS XE versions patched per cisco-sa-20170802-ana.
- Disable Autonomic Networking if not in use — if Autonomic Networking is not actively used, disable the feature: `no autonomic` in global configuration eliminates the attack surface entirely.
- Apply Layer 2 segmentation — use port security, 802.1X authentication, and VLAN segmentation to restrict which hosts can reach adjacent network devices; limiting the network attack surface reduces the AV:A exploitation risk.
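A configuration audit that follows the remediation steps above, as an added example (not code from the original page or from Cisco): it parses IOS-style running-config text, reports whether Autonomic Networking is enabled, and lists access ports that have neither port security nor 802.1X. The sample config, the function names, and the assumption that an enabled feature appears as a bare global `autonomic` line are illustrative.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
autonomic
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 authentication port-control auto
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode trunk
"""

def parse_blocks(config):
    """Split IOS-style config text into global lines and per-interface lines."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("!"):
            continue                      # blank line or separator/comment
        if line[0].isspace():             # indented: belongs to the open block
            if current is not None:
                interfaces[current].append(line.strip())
            continue
        m = re.match(r"interface\s+(\S+)", line)
        current = m.group(1) if m else None
        if m:
            interfaces[current] = []
        else:
            global_lines.append(line)
    return global_lines, interfaces

def audit(config):
    """Report AN exposure and access ports lacking port security or 802.1X."""
    global_lines, interfaces = parse_blocks(config)
    # Assumption: an enabled feature shows up as a bare global "autonomic" line.
    enabled = "autonomic" in global_lines
    guards = {"switchport port-security", "authentication port-control auto"}
    open_ports = [n for n, ls in interfaces.items() if "switchport mode access" in ls
                  and "shutdown" not in ls and not guards & set(ls)]
    return {"autonomic_enabled": enabled, "unguarded_access_ports": open_ports}

print(audit(SAMPLE_CONFIG))
```

A device that reports `autonomic_enabled` as true still needs its software release checked against cisco-sa-20170802-ana; the audit only shows whether the prerequisite for the vulnerability is present.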
Key Details
| Property | Value |
|---|---|
| CVE ID | CVE-2017-6663 |
| Vendor / Product | Cisco — IOS and IOS XE Software |
| NVD Published | 2017-08-07 |
| NVD Last Modified | 2025-10-22 |
| CVSS 3.1 Score | 6.5 |
| CVSS 3.1 Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Severity | MEDIUM |
| CWE | CWE-20 — Improper Input Validation |
| CISA KEV Added | 2022-03-03 |
| CISA KEV Deadline | 2022-03-24 |
| Known Ransomware Use | No |
Timeline
| Date | Event |
|---|---|
| 2017-08-02 | Cisco releases advisory cisco-sa-20170802-ana patching CVE-2017-6663 |
| 2017-08-07 | CVE-2017-6663 published by NVD |
| 2022-03-03 | Added to CISA Known Exploited Vulnerabilities catalog |
| 2022-03-24 | CISA BOD 22-01 remediation deadline |
References
| Resource | Type |
|---|---|
| NVD — CVE-2017-6663 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |
| Cisco Security Advisory cisco-sa-20170802-ana | Vendor Advisory |