Synopsis
The remote device is missing a vendor-supplied security patch.
Description
The remote Cisco device is running a version of Cisco IOS XE software that is potentially affected by a heap-based buffer overflow vulnerability in the GNU C Library (glibc) due to improperly validated user-supplied input to the __nss_hostname_digits_dots(), gethostbyname(), and gethostbyname2() functions. This allows a remote attacker to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
Note that this issue only affects IOS XE instances that are running as a 'Nova' device. If the remote IOS XE instance is not running as a 'Nova' device, consider this a false positive.
Solution
Apply the relevant patch referenced in Cisco bug ID CSCus69731.