Sign-up

ID

VAR-201709-0705


CVE

CVE-2017-12233


TITLE

Cisco IOS Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-008502 // CNNVD: CNNVD-201709-1301

DESCRIPTION

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334. Cisco IOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCuz95334 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is an operating system developed by Cisco Systems for its network devices

Trust: 2.61

sources: NVD: CVE-2017-12233 // JVNDB: JVNDB-2017-008502 // CNVD: CNVD-2017-34253 // BID: 101038 // VULHUB: VHN-102735 // VULMON: CVE-2017-12233

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34253

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:lteversion:15.6

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:12.4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.4 to 15.6

Trust: 0.8

vendor:ciscomodel:ios \342\211\24512.4 \342\211\24415.6scope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)eb

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sg7a

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jap9

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jap1n

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.0\(2\)sqd7

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)eb1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jao20s

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jao3a

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)e5b

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)e3

Trust: 0.6

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:20000

Trust: 0.3

sources: CNVD: CNVD-2017-34253 // BID: 101038 // JVNDB: JVNDB-2017-008502 // CNNVD: CNNVD-201709-1301 // NVD: CVE-2017-12233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12233
value: HIGH

Trust: 1.0

NVD: CVE-2017-12233
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34253
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-1301
value: HIGH

Trust: 0.6

VULHUB: VHN-102735
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12233
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12233
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-34253
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102735
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12233
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-12233
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-34253 // VULHUB: VHN-102735 // VULMON: CVE-2017-12233 // JVNDB: JVNDB-2017-008502 // CNNVD: CNNVD-201709-1301 // NVD: CVE-2017-12233

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-102735 // JVNDB: JVNDB-2017-008502 // NVD: CVE-2017-12233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1301

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201709-1301

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008502

PATCH
title:cisco-sa-20170927-cipurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
Trust: 0.8
title:CiscoIOSSoftwareCommonIndustrialProtocol Denial of Service Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/104496
Trust: 0.6
title:Cisco IOS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75186
Trust: 0.6
title:Cisco: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170927-cip
Trust: 0.1
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34253 // 
            
            
            
            VULMON: CVE-2017-12233 // 
            
            
            
            JVNDB: JVNDB-2017-008502 // 
            
            
            
            CNNVD: CNNVD-201709-1301

EXTERNAL IDS
db:NVDid:CVE-2017-12233
Trust: 3.5
db:BIDid:101038
Trust: 2.7
db:SECTRACKid:1039459
Trust: 1.8
db:JVNDBid:JVNDB-2017-008502
Trust: 0.8
db:CNNVDid:CNNVD-201709-1301
Trust: 0.7
db:CNVDid:CNVD-2017-34253
Trust: 0.6
db:VULHUBid:VHN-102735
Trust: 0.1
db:VULMONid:CVE-2017-12233
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34253 // 
            
            
            
            VULHUB: VHN-102735 // 
            
            
            
            VULMON: CVE-2017-12233 // 
            
            
            
            BID: 101038 // 
            
            
            
            JVNDB: JVNDB-2017-008502 // 
            
            
            
            CNNVD: CNNVD-201709-1301 // 
            
            
            
            NVD: CVE-2017-12233

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170927-cip
Trust: 2.8
url:http://www.securityfocus.com/bid/101038
Trust: 2.5
url:http://www.securitytracker.com/id/1039459
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12233
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12233
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34253 // 
            
            
            
            VULHUB: VHN-102735 // 
            
            
            
            VULMON: CVE-2017-12233 // 
            
            
            
            BID: 101038 // 
            
            
            
            JVNDB: JVNDB-2017-008502 // 
            
            
            
            CNNVD: CNNVD-201709-1301 // 
            
            
            
            NVD: CVE-2017-12233

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101038

SOURCES
db:CNVDid:CNVD-2017-34253
db:VULHUBid:VHN-102735
db:VULMONid:CVE-2017-12233
db:BIDid:101038
db:JVNDBid:JVNDB-2017-008502
db:CNNVDid:CNNVD-201709-1301
db:NVDid:CVE-2017-12233

LAST UPDATE DATE
2024-11-23T22:12:51.181000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34253date:2017-11-17T00:00:00
db:VULHUBid:VHN-102735date:2019-10-09T00:00:00
db:VULMONid:CVE-2017-12233date:2019-10-09T00:00:00
db:BIDid:101038date:2017-09-27T00:00:00
db:JVNDBid:JVNDB-2017-008502date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201709-1301date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12233date:2024-11-21T03:09:05.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34253date:2017-11-17T00:00:00
db:VULHUBid:VHN-102735date:2017-09-29T00:00:00
db:VULMONid:CVE-2017-12233date:2017-09-29T00:00:00
db:BIDid:101038date:2017-09-27T00:00:00
db:JVNDBid:JVNDB-2017-008502date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201709-1301date:2017-09-28T00:00:00
db:NVDid:CVE-2017-12233date:2017-09-29T01:34:48.827