Details of VAR-201709-0694

ID

VAR-201709-0694

CVE

CVE-2017-12237

TITLE

Cisco IOS and IOS XE Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008506

DESCRIPTION

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. Although only IKEv2 packets can be used to trigger this vulnerability, devices that are running Cisco IOS Software or Cisco IOS XE Software are vulnerable when ISAKMP is enabled. A device does not need to be configured with any IKEv2-specific features to be vulnerable. Many features use IKEv2, including different types of VPNs such as the following: LAN-to-LAN VPN; Remote-access VPN, excluding SSL VPN; Dynamic Multipoint VPN (DMVPN); and FlexVPN. Cisco Bug IDs: CSCvc41277. Vendors have confirmed this vulnerability Bug ID CSCvc41277 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Internet Key Exchange Version 2 (IKEv2) module is one of the key exchange protocol modules

Trust: 2.61

sources: NVD: CVE-2017-12237 // JVNDB: JVNDB-2017-008506 // CNVD: CNVD-2017-34218 // BID: 101037 // VULHUB: VHN-102739 // VULMON: CVE-2017-12237

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34218

AFFECTED PRODUCTS

vendor:	cisco	model:	ios	scope:	lte	version:	15.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	lte	version:	16.5	Trust: 1.0
vendor:	cisco	model:	ios	scope:	gte	version:	15.0	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	gte	version:	3.5.0e	Trust: 1.0
vendor:	cisco	model:	ios	scope:	eq	version:	15.0 to 15.6	Trust: 0.8
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.5 to 16.5	Trust: 0.8
vendor:	cisco	model:	ios \342\211\24515 \342\211\24415.6	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xe \342\211\245 \342\211\244	scope:	eq	version:	3.516.5	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ex3	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ex	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)se1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ez	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ex5	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ex4	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)se2	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ej	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ej1	Trust: 0.6
vendor:	cisco	model:	ios	scope:	eq	version:	15.0\(2\)ex1	Trust: 0.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	ios	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series 15.5 s4.1	scope:	eq	version:	1000	Trust: 0.3

sources: CNVD: CNVD-2017-34218 // BID: 101037 // JVNDB: JVNDB-2017-008506 // CNNVD: CNNVD-201709-1297 // NVD: CVE-2017-12237

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12237
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12237
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-34218
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201709-1297
value:	HIGH
Trust: 0.6
VULHUB:	VHN-102739
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-12237
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-12237
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-34218
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102739
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12237
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2017-12237
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-34218 // VULHUB: VHN-102739 // VULMON: CVE-2017-12237 // JVNDB: JVNDB-2017-008506 // CNNVD: CNNVD-201709-1297 // NVD: CVE-2017-12237

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-400	Trust: 0.1

sources: VULHUB: VHN-102739 // JVNDB: JVNDB-2017-008506 // NVD: CVE-2017-12237

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1297

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201709-1297

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008506

PATCH

title:	cisco-sa-20170927-ike	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike	Trust: 0.8
title:	Patch for CiscoIOSandIOSXESoftware Denial of Service Vulnerability (CNVD-2017-34218)	url:	https://www.cnvd.org.cn/patchInfo/show/104507	Trust: 0.6
title:	Cisco IOS and IOS XE Internet Key Exchange Fixes for module resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75605	Trust: 0.6
title:	Cisco: Cisco IOS and IOS XE Software Internet Key Exchange Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170927-ike	Trust: 0.1
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/Ostorlab/KEV	Trust: 0.1

sources: CNVD: CNVD-2017-34218 // VULMON: CVE-2017-12237 // JVNDB: JVNDB-2017-008506 // CNNVD: CNNVD-201709-1297

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12237	Trust: 3.5
db:	BID	id:	101037	Trust: 2.7
db:	SECTRACK	id:	1039460	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-008506	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-1297	Trust: 0.7
db:	CNVD	id:	CNVD-2017-34218	Trust: 0.6
db:	VULHUB	id:	VHN-102739	Trust: 0.1
db:	VULMON	id:	CVE-2017-12237	Trust: 0.1

sources: CNVD: CNVD-2017-34218 // VULHUB: VHN-102739 // VULMON: CVE-2017-12237 // BID: 101037 // JVNDB: JVNDB-2017-008506 // CNNVD: CNNVD-201709-1297 // NVD: CVE-2017-12237

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170927-ike	Trust: 2.7
url:	http://www.securityfocus.com/bid/101037	Trust: 2.5
url:	http://www.securitytracker.com/id/1039460	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12237	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12237	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170927-ike	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

CREDITS

Cisco

Trust: 0.3

sources: BID: 101037

SOURCES

db:	CNVD	id:	CNVD-2017-34218
db:	VULHUB	id:	VHN-102739
db:	VULMON	id:	CVE-2017-12237
db:	BID	id:	101037
db:	JVNDB	id:	JVNDB-2017-008506
db:	CNNVD	id:	CNNVD-201709-1297
db:	NVD	id:	CVE-2017-12237

LAST UPDATE DATE

2024-11-23T22:26:41.676000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34218	date:	2017-11-16T00:00:00
db:	VULHUB	id:	VHN-102739	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2017-12237	date:	2019-10-09T00:00:00
db:	BID	id:	101037	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008506	date:	2017-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201709-1297	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12237	date:	2024-11-21T03:09:06.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34218	date:	2017-11-16T00:00:00
db:	VULHUB	id:	VHN-102739	date:	2017-09-29T00:00:00
db:	VULMON	id:	CVE-2017-12237	date:	2017-09-29T00:00:00
db:	BID	id:	101037	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008506	date:	2017-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201709-1297	date:	2017-09-28T00:00:00
db:	NVD	id:	CVE-2017-12237	date:	2017-09-29T01:34:48.967