Details of VAR-201702-0800

ID

VAR-201702-0800

CVE

CVE-2017-3812

TITLE

Cisco Industrial Ethernet 2000 Series Switches Denial of service vulnerability

Trust: 0.8

sources: IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // CNVD: CNVD-2017-01165

DESCRIPTION

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2. Vendors have confirmed this vulnerability Bug ID CSCvc54788 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. Cisco Industrial Ethernet 2000 (IE2000) SeriesSwitches is an industrial Ethernet 2000 series switch from Cisco. The vulnerability stems from the failure of the program to properly handle specially crafted CIP packets. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCvc54788

Trust: 2.7

sources: NVD: CVE-2017-3812 // JVNDB: JVNDB-2017-001696 // CNVD: CNVD-2017-01165 // BID: 95946 // IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // VULHUB: VHN-112015

IOT TAXONOMY

category:	['IoT', 'ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // CNVD: CNVD-2017-01165

AFFECTED PRODUCTS

vendor:	cisco	model:	industrial ethernet 2000 series	scope:	lte	version:	15.2\(5.4.32i\)e2	Trust: 1.0
vendor:	cisco	model:	industrial ethernet 2000 series	scope:	eq	version:	15.2(5.4.32i)e2	Trust: 0.8
vendor:	cisco	model:	industrial ethernet series switches	scope:	eq	version:	2000	Trust: 0.6
vendor:	cisco	model:	industrial ethernet 2000 series	scope:	eq	version:	15.2\(5.4.32i\)e2	Trust: 0.6
vendor:	cisco	model:	industrial ethernet series switches	scope:	eq	version:	20000	Trust: 0.3
vendor:	industrial ethernet 2000 series	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // CNVD: CNVD-2017-01165 // BID: 95946 // JVNDB: JVNDB-2017-001696 // CNNVD: CNNVD-201702-018 // NVD: CVE-2017-3812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3812
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-3812
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-01165
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-018
value:	MEDIUM
Trust: 0.6
IVD:	649725b7-5680-4423-a795-6f2ceac1ca5d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-112015
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-3812
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-01165
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	649725b7-5680-4423-a795-6f2ceac1ca5d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-112015
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-3812
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // CNVD: CNVD-2017-01165 // VULHUB: VHN-112015 // JVNDB: JVNDB-2017-001696 // CNNVD: CNNVD-201702-018 // NVD: CVE-2017-3812

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.1
problemtype:	CWE-399	Trust: 0.9

sources: VULHUB: VHN-112015 // JVNDB: JVNDB-2017-001696 // NVD: CVE-2017-3812

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-018

TYPE

Resource management error

Trust: 0.8

sources: IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // CNNVD: CNNVD-201702-018

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-001696

PATCH

title:

cisco-sa-20170201-psc1

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1

Trust: 0.8

sources: JVNDB: JVNDB-2017-001696

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3812	Trust: 3.6
db:	BID	id:	95946	Trust: 2.6
db:	SECTRACK	id:	1037771	Trust: 1.7
db:	CNNVD	id:	CNNVD-201702-018	Trust: 0.9
db:	CNVD	id:	CNVD-2017-01165	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-001696	Trust: 0.8
db:	IVD	id:	649725B7-5680-4423-A795-6F2CEAC1CA5D	Trust: 0.2
db:	VULHUB	id:	VHN-112015	Trust: 0.1

sources: IVD: 649725b7-5680-4423-a795-6f2ceac1ca5d // CNVD: CNVD-2017-01165 // VULHUB: VHN-112015 // BID: 95946 // JVNDB: JVNDB-2017-001696 // CNNVD: CNNVD-201702-018 // NVD: CVE-2017-3812

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170201-psc1	Trust: 2.6
url:	http://www.securityfocus.com/bid/95946	Trust: 1.7
url:	http://www.securitytracker.com/id/1037771	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3812	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-3812	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-01165 // VULHUB: VHN-112015 // BID: 95946 // JVNDB: JVNDB-2017-001696 // CNNVD: CNNVD-201702-018 // NVD: CVE-2017-3812

CREDITS

Cisco

Trust: 0.3

sources: BID: 95946

SOURCES

db:	IVD	id:	649725b7-5680-4423-a795-6f2ceac1ca5d
db:	CNVD	id:	CNVD-2017-01165
db:	VULHUB	id:	VHN-112015
db:	BID	id:	95946
db:	JVNDB	id:	JVNDB-2017-001696
db:	CNNVD	id:	CNNVD-201702-018
db:	NVD	id:	CVE-2017-3812

LAST UPDATE DATE

2024-11-23T22:59:21.525000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-01165	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-112015	date:	2019-10-03T00:00:00
db:	BID	id:	95946	date:	2017-02-02T09:05:00
db:	JVNDB	id:	JVNDB-2017-001696	date:	2017-03-14T00:00:00
db:	CNNVD	id:	CNNVD-201702-018	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-3812	date:	2024-11-21T03:26:09.900

SOURCES RELEASE DATE

db:	IVD	id:	649725b7-5680-4423-a795-6f2ceac1ca5d	date:	2017-02-09T00:00:00
db:	CNVD	id:	CNVD-2017-01165	date:	2017-02-09T00:00:00
db:	VULHUB	id:	VHN-112015	date:	2017-02-03T00:00:00
db:	BID	id:	95946	date:	2017-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2017-001696	date:	2017-03-14T00:00:00
db:	CNNVD	id:	CNNVD-201702-018	date:	2017-02-04T00:00:00
db:	NVD	id:	CVE-2017-3812	date:	2017-02-03T07:59:00.763