Details of VAR-201709-0696

ID

VAR-201709-0696

CVE

CVE-2017-12239

TITLE

Cisco IOS XE Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-008508

DESCRIPTION

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device's operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device's operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132. Cisco IOS XE Contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvc65866 and CSCve77132 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Cisco ASR1000 is a system router provided by Cisco. Multiple Cisco Products are prone to an local unauthorized-access vulnerability. This may aid in further attacks. IOS XE is a dedicated operating system for a set of network devices used in it

Trust: 2.52

sources: NVD: CVE-2017-12239 // JVNDB: JVNDB-2017-008508 // CNVD: CNVD-2017-34251 // BID: 101042 // VULHUB: VHN-102741

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-34251

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4bs	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2bs	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.2as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.1s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.3as	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.5as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.9	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1hsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.6s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.5b	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1asp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4ds	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.5as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1isp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0sp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.5bs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.1cs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.1as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1gsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4es	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.4.3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.6as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.2as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.7	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.0as	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1bsp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.1csp	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.1a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.2s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.18.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13.5s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.17.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14.1s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16.4gs	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3a	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.8	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.9.3s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.6	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	16.3.11	Trust: 1.0
vendor:	cisco	model:	ios xe software	scope:	eq	version:	0	Trust: 0.9
vendor:	cisco	model:	asr series aggregation services routers 15.6 m	scope:	eq	version:	1000	Trust: 0.9
vendor:	cisco	model:	cbr series converged broadband routers everest-16.5.1	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.16 to 16.5	Trust: 0.8

sources: CNVD: CNVD-2017-34251 // BID: 101042 // JVNDB: JVNDB-2017-008508 // CNNVD: CNNVD-201709-1295 // NVD: CVE-2017-12239

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12239
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12239
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2017-34251
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201709-1295
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102741
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-12239
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-34251
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-102741
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12239
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2017-12239
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-34251 // VULHUB: VHN-102741 // JVNDB: JVNDB-2017-008508 // CNNVD: CNNVD-201709-1295 // NVD: CVE-2017-12239

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-798	Trust: 1.0
problemtype:	CWE-287	Trust: 0.1

sources: VULHUB: VHN-102741 // JVNDB: JVNDB-2017-008508 // NVD: CVE-2017-12239

THREAT TYPE

local

Trust: 0.9

sources: BID: 101042 // CNNVD: CNNVD-201709-1295

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-1295

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008508

PATCH

title:	cisco-sa-20170927-cc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc	Trust: 0.8
title:	Cisco ASR1000 Unauthorized Access Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/104542	Trust: 0.6
title:	Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers IOS XE Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75604	Trust: 0.6

sources: CNVD: CNVD-2017-34251 // JVNDB: JVNDB-2017-008508 // CNNVD: CNNVD-201709-1295

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12239	Trust: 3.4
db:	BID	id:	101042	Trust: 2.6
db:	SECTRACK	id:	1039454	Trust: 1.7
db:	SECTRACK	id:	1039455	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-008508	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-1295	Trust: 0.7
db:	CNVD	id:	CNVD-2017-34251	Trust: 0.6
db:	VULHUB	id:	VHN-102741	Trust: 0.1

sources: CNVD: CNVD-2017-34251 // VULHUB: VHN-102741 // BID: 101042 // JVNDB: JVNDB-2017-008508 // CNNVD: CNNVD-201709-1295 // NVD: CVE-2017-12239

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170927-cc	Trust: 2.6
url:	http://www.securityfocus.com/bid/101042	Trust: 1.7
url:	http://www.securitytracker.com/id/1039454	Trust: 1.7
url:	http://www.securitytracker.com/id/1039455	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12239	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12239	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2017-34251 // VULHUB: VHN-102741 // BID: 101042 // JVNDB: JVNDB-2017-008508 // CNNVD: CNNVD-201709-1295 // NVD: CVE-2017-12239

CREDITS

Cisco

Trust: 0.3

sources: BID: 101042

SOURCES

db:	CNVD	id:	CNVD-2017-34251
db:	VULHUB	id:	VHN-102741
db:	BID	id:	101042
db:	JVNDB	id:	JVNDB-2017-008508
db:	CNNVD	id:	CNNVD-201709-1295
db:	NVD	id:	CVE-2017-12239

LAST UPDATE DATE

2024-11-23T23:08:55.761000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-34251	date:	2017-11-17T00:00:00
db:	VULHUB	id:	VHN-102741	date:	2019-10-09T00:00:00
db:	BID	id:	101042	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008508	date:	2017-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201709-1295	date:	2021-02-07T00:00:00
db:	NVD	id:	CVE-2017-12239	date:	2024-11-21T03:09:06.343

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-34251	date:	2017-11-16T00:00:00
db:	VULHUB	id:	VHN-102741	date:	2017-09-29T00:00:00
db:	BID	id:	101042	date:	2017-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2017-008508	date:	2017-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201709-1295	date:	2017-09-28T00:00:00
db:	NVD	id:	CVE-2017-12239	date:	2017-09-29T01:34:49.030