Sign-up

ID

VAR-201709-0706


CVE

CVE-2017-12234


TITLE

Cisco IOS Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-008503 // CNNVD: CNNVD-201709-1300

DESCRIPTION

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709. Cisco IOS Contains an input validation vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc43709 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco IOS is an operating system developed by Cisco Systems for its network devices

Trust: 2.61

sources: NVD: CVE-2017-12234 // JVNDB: JVNDB-2017-008503 // CNVD: CNVD-2017-34252 // BID: 101038 // VULHUB: VHN-102736 // VULMON: CVE-2017-12234

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34252

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:lteversion:15.6

Trust: 1.0

vendor:ciscomodel:iosscope:gteversion:12.4

Trust: 1.0

vendor:ciscomodel:iosscope:eqversion:12.4 to 15.6

Trust: 0.8

vendor:ciscomodel:ios \342\211\24512.4 \342\211\24415.6scope: - version: -

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)eb

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.1\(2\)sg7a

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jap9

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jap1n

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.0\(2\)sqd7

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)eb1

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jao20s

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:12.4\(25e\)jao3a

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)e5b

Trust: 0.6

vendor:ciscomodel:iosscope:eqversion:15.2\(2\)e3

Trust: 0.6

vendor:ciscomodel:ios softwarescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:industrial ethernet series switchesscope:eqversion:20000

Trust: 0.3

sources: CNVD: CNVD-2017-34252 // BID: 101038 // JVNDB: JVNDB-2017-008503 // CNNVD: CNNVD-201709-1300 // NVD: CVE-2017-12234

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12234
value: HIGH

Trust: 1.0

NVD: CVE-2017-12234
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34252
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-1300
value: HIGH

Trust: 0.6

VULHUB: VHN-102736
value: HIGH

Trust: 0.1

VULMON: CVE-2017-12234
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-12234
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-34252
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102736
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12234
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2017-12234
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-34252 // VULHUB: VHN-102736 // VULMON: CVE-2017-12234 // JVNDB: JVNDB-2017-008503 // CNNVD: CNNVD-201709-1300 // NVD: CVE-2017-12234

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-102736 // JVNDB: JVNDB-2017-008503 // NVD: CVE-2017-12234

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1300

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201709-1300

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008503

PATCH
title:cisco-sa-20170927-cipurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
Trust: 0.8
title:Patch for Cisco IOS Software CommonsIndustrialProtocol Denial of Service Vulnerability (CNVD-2017-34252)url:https://www.cnvd.org.cn/patchInfo/show/104500
Trust: 0.6
title:Cisco IOS Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75185
Trust: 0.6
title:Cisco: Cisco IOS Software Common Industrial Protocol Request Denial of Service Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170927-cip
Trust: 0.1
title:Known Exploited Vulnerabilities Detectorurl:https://github.com/Ostorlab/KEV 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34252 // 
            
            
            
            VULMON: CVE-2017-12234 // 
            
            
            
            JVNDB: JVNDB-2017-008503 // 
            
            
            
            CNNVD: CNNVD-201709-1300

EXTERNAL IDS
db:NVDid:CVE-2017-12234
Trust: 3.5
db:BIDid:101038
Trust: 2.7
db:SECTRACKid:1039459
Trust: 1.8
db:JVNDBid:JVNDB-2017-008503
Trust: 0.8
db:CNNVDid:CNNVD-201709-1300
Trust: 0.7
db:CNVDid:CNVD-2017-34252
Trust: 0.6
db:VULHUBid:VHN-102736
Trust: 0.1
db:VULMONid:CVE-2017-12234
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34252 // 
            
            
            
            VULHUB: VHN-102736 // 
            
            
            
            VULMON: CVE-2017-12234 // 
            
            
            
            BID: 101038 // 
            
            
            
            JVNDB: JVNDB-2017-008503 // 
            
            
            
            CNNVD: CNNVD-201709-1300 // 
            
            
            
            NVD: CVE-2017-12234

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170927-cip
Trust: 2.8
url:http://www.securityfocus.com/bid/101038
Trust: 2.5
url:http://www.securitytracker.com/id/1039459
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12234
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12234
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/ostorlab/kev
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-34252 // 
            
            
            
            VULHUB: VHN-102736 // 
            
            
            
            VULMON: CVE-2017-12234 // 
            
            
            
            BID: 101038 // 
            
            
            
            JVNDB: JVNDB-2017-008503 // 
            
            
            
            CNNVD: CNNVD-201709-1300 // 
            
            
            
            NVD: CVE-2017-12234

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101038

SOURCES
db:CNVDid:CNVD-2017-34252
db:VULHUBid:VHN-102736
db:VULMONid:CVE-2017-12234
db:BIDid:101038
db:JVNDBid:JVNDB-2017-008503
db:CNNVDid:CNNVD-201709-1300
db:NVDid:CVE-2017-12234

LAST UPDATE DATE
2024-11-23T22:12:51.220000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-34252date:2017-11-17T00:00:00
db:VULHUBid:VHN-102736date:2019-10-09T00:00:00
db:VULMONid:CVE-2017-12234date:2019-10-09T00:00:00
db:BIDid:101038date:2017-09-27T00:00:00
db:JVNDBid:JVNDB-2017-008503date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201709-1300date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12234date:2024-11-21T03:09:05.637

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-34252date:2017-11-17T00:00:00
db:VULHUBid:VHN-102736date:2017-09-29T00:00:00
db:VULMONid:CVE-2017-12234date:2017-09-29T00:00:00
db:BIDid:101038date:2017-09-27T00:00:00
db:JVNDBid:JVNDB-2017-008503date:2017-10-20T00:00:00
db:CNNVDid:CNNVD-201709-1300date:2017-09-28T00:00:00
db:NVDid:CVE-2017-12234date:2017-09-29T01:34:48.857