Details of VAR-201709-0674

ID

VAR-201709-0674

CVE

CVE-2017-12211

TITLE

Cisco IOS and Cisco IOS XE Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-007980

DESCRIPTION

A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of the device. The vulnerability is due to IPv6 sub block corruption. An attacker could exploit this vulnerability by polling the affected device IPv6 information. An exploit could allow the attacker to trigger high CPU usage or a reload of the device. Known Affected Releases: Denali-16.3.1. Cisco Bug IDs: CSCvb14640. Cisco IOS and Cisco IOS XE Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvb14640 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state

Trust: 1.98

sources: NVD: CVE-2017-12211 // JVNDB: JVNDB-2017-007980 // BID: 100648 // VULHUB: VHN-102711

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	eq	version:	3.16.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1	Trust: 1.6
vendor:	cisco	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3

sources: BID: 100648 // JVNDB: JVNDB-2017-007980 // CNNVD: CNNVD-201709-234 // NVD: CVE-2017-12211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12211
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12211
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201709-234
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102711
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12211
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102711
severity:	MEDIUM
baseScore:	6.3
vectorString:	AV:N/AC:M/AU:S/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12211
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102711 // JVNDB: JVNDB-2017-007980 // CNNVD: CNNVD-201709-234 // NVD: CVE-2017-12211

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-102711 // JVNDB: JVNDB-2017-007980 // NVD: CVE-2017-12211

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-234

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201709-234

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-007980

PATCH

title:	CSCvb14640 - "ipAddressEntry" polling can cause crash	url:	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvb14640	Trust: 0.8
title:	cisco-sa-20170906-snmp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-snmp	Trust: 0.8
title:	Cisco IOS and IOS XE Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74588	Trust: 0.6

sources: JVNDB: JVNDB-2017-007980 // CNNVD: CNNVD-201709-234

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12211	Trust: 2.8
db:	BID	id:	100648	Trust: 2.0
db:	SECTRACK	id:	1039290	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-007980	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-234	Trust: 0.7
db:	VULHUB	id:	VHN-102711	Trust: 0.1

sources: VULHUB: VHN-102711 // BID: 100648 // JVNDB: JVNDB-2017-007980 // CNNVD: CNNVD-201709-234 // NVD: CVE-2017-12211

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170906-snmp	Trust: 2.0
url:	http://www.securityfocus.com/bid/100648	Trust: 1.7
url:	https://quickview.cloudapps.cisco.com/quickview/bug/cscvb14640	Trust: 1.7
url:	http://www.securitytracker.com/id/1039290	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12211	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12211	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102711 // BID: 100648 // JVNDB: JVNDB-2017-007980 // CNNVD: CNNVD-201709-234 // NVD: CVE-2017-12211

CREDITS

Cisco

Trust: 0.3

sources: BID: 100648

SOURCES

db:	VULHUB	id:	VHN-102711
db:	BID	id:	100648
db:	JVNDB	id:	JVNDB-2017-007980
db:	CNNVD	id:	CNNVD-201709-234
db:	NVD	id:	CVE-2017-12211

LAST UPDATE DATE

2024-11-23T21:40:29.099000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102711	date:	2019-10-09T00:00:00
db:	BID	id:	100648	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007980	date:	2017-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-234	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12211	date:	2024-11-21T03:09:02.560

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102711	date:	2017-09-07T00:00:00
db:	BID	id:	100648	date:	2017-09-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-007980	date:	2017-10-05T00:00:00
db:	CNNVD	id:	CNNVD-201709-234	date:	2017-09-11T00:00:00
db:	NVD	id:	CVE-2017-12211	date:	2017-09-07T21:29:00.193