Details of VAR-201709-0685

ID

VAR-201709-0685

CVE

CVE-2017-12222

TITLE

Cisco IOS XE Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008443

DESCRIPTION

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069. Vendors report this vulnerability Bug IDs: CSCvd45069 Published as.Denial of service (DoS) May be in a state. The Cisco Catalyst 3650 and 3850 switches are Cisco switches. IOSXESoftware is one of the operating systems for network devices. Wirelesscontrollermanager is one of the wireless controller management programs. A denial of service vulnerability exists in the wirelesscontrollermanager in IOSXESoftware on the Cisco Catalyst 3650 and 3850 switches, which stems from a program failing to validate the input

Trust: 2.52

sources: NVD: CVE-2017-12222 // JVNDB: JVNDB-2017-008443 // CNVD: CNVD-2017-34214 // BID: 101035 // VULHUB: VHN-102723

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34214

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.4	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.2a	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.3	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.2	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1.3a	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.2.1	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.1 to 16.3.3	Trust: 0.8
vendor:	cisco	model:	ios xe software \342\211\24516.1 \342\211\24416.3.3	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe software denali	scope:	eq	version:	16.3.2	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	16.3.3	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	16.3.2	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	16.2.1	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	eq	version:	16.1	Trust: 0.3
vendor:	cisco	model:	ios xe software	scope:	ne	version:	16.3.5	Trust: 0.3

sources: CNVD: CNVD-2017-34214 // BID: 101035 // JVNDB: JVNDB-2017-008443 // CNNVD: CNNVD-201709-1308 // NVD: CVE-2017-12222

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12222
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12222
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-34214
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-1308
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102723
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12222
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34214
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102723
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12222
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-34214 // VULHUB: VHN-102723 // JVNDB: JVNDB-2017-008443 // CNNVD: CNNVD-201709-1308 // NVD: CVE-2017-12222

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-399	Trust: 1.9

sources: VULHUB: VHN-102723 // JVNDB: JVNDB-2017-008443 // NVD: CVE-2017-12222

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201709-1308

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 101035 // CNNVD: CNNVD-201709-1308

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008443

PATCH

title:	cisco-sa-20170927-ios-xe	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe	Trust: 0.8
title:	Patch for Cisco IOSXESoftware Denial of Service Vulnerability (CNVD-2017-34214)	url:	https://www.cnvd.org.cn/patchInfo/show/104522	Trust: 0.6
title:	Cisco Catalyst 3650 and 3850 switch IOS XE Software Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75193	Trust: 0.6

sources: CNVD: CNVD-2017-34214 // JVNDB: JVNDB-2017-008443 // CNNVD: CNNVD-201709-1308

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12222	Trust: 3.4
db:	BID	id:	101035	Trust: 2.6
db:	SECTRACK	id:	1039458	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-008443	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-1308	Trust: 0.7
db:	CNVD	id:	CNVD-2017-34214	Trust: 0.6
db:	VULHUB	id:	VHN-102723	Trust: 0.1

sources: CNVD: CNVD-2017-34214 // VULHUB: VHN-102723 // BID: 101035 // JVNDB: JVNDB-2017-008443 // CNNVD: CNNVD-201709-1308 // NVD: CVE-2017-12222

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170927-ios-xe	Trust: 2.6
url:	http://www.securityfocus.com/bid/101035	Trust: 2.3
url:	http://www.securitytracker.com/id/1039458	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12222	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12222	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-34214 // VULHUB: VHN-102723 // BID: 101035 // JVNDB: JVNDB-2017-008443 // CNNVD: CNNVD-201709-1308 // NVD: CVE-2017-12222

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101035

SOURCES

db:	CNVD	id:	CNVD-2017-34214
db:	VULHUB	id:	VHN-102723
db:	BID	id:	101035
db:	JVNDB	id:	JVNDB-2017-008443
db:	CNNVD	id:	CNNVD-201709-1308
db:	NVD	id:	CVE-2017-12222

LAST UPDATE DATE

2024-11-23T22:12:51.259000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34214	date:	2017-11-16T00:00:00
db:	VULHUB	id:	VHN-102723	date:	2019-10-09T00:00:00
db:	BID	id:	101035	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008443	date:	2017-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201709-1308	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12222	date:	2024-11-21T03:09:04.020

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34214	date:	2017-11-16T00:00:00
db:	VULHUB	id:	VHN-102723	date:	2017-09-29T00:00:00
db:	BID	id:	101035	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008443	date:	2017-10-19T00:00:00
db:	CNNVD	id:	CNNVD-201709-1308	date:	2017-09-28T00:00:00
db:	NVD	id:	CVE-2017-12222	date:	2017-09-29T01:34:48.560