ID

VAR-201710-0648


CVE

CVE-2017-12270


TITLE

Cisco IOS XR Software for Cisco Network Convergence System 5500 Series Routers buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-008859

DESCRIPTION

A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerability is due to the software's inability to process HTTP/2 packets. An attacker could exploit this vulnerability by sending a malformed HTTP/2 frame to the affected device. A successful exploit could allow the attacker to create a DoS condition when the emsd service stops. Cisco Bug IDs: CSCvb99388. The vendor has released this vulnerability as Bug ID CSCvb99388. It may result in a service operation interruption (DoS) state. IOS XR Software is a modular, distributed network operating system. Note: Successful exploitation of the issue is possible only if gRPC is enabled on the device.

Trust: 2.52

sources: NVD: CVE-2017-12270 // JVNDB: JVNDB-2017-008859 // CNVD: CNVD-2017-32489 // BID: 101171 // VULHUB: VHN-102776

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32489

AFFECTED PRODUCTS

vendor: cisco, model: ios xr, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.9

vendor: cisco, model: ios xr, scope: -, version: -

Trust: 0.8

vendor: cisco, model: network convergence system series 6.1.1.base, scope: eq, version: 5000

Trust: 0.3

sources: CNVD: CNVD-2017-32489 // BID: 101171 // JVNDB: JVNDB-2017-008859 // CNNVD: CNNVD-201710-048 // NVD: CVE-2017-12270

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12270
value: HIGH

Trust: 1.0

NVD: CVE-2017-12270
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-32489
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-048
value: HIGH

Trust: 0.6

VULHUB: VHN-102776
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12270
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32489
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102776
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12270
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32489 // VULHUB: VHN-102776 // JVNDB: JVNDB-2017-008859 // CNNVD: CNNVD-201710-048 // NVD: CVE-2017-12270

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-102776 // JVNDB: JVNDB-2017-008859 // NVD: CVE-2017-12270

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-048

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201710-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008859

PATCH

title: cisco-sa-20171004-ncs
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-ncs

Trust: 0.8

title: Patch for Cisco IOS XR Software Denial of Service Vulnerability (CNVD-2017-32489)
url: https://www.cnvd.org.cn/patchInfo/show/104536

Trust: 0.6

title: Cisco Network Convergence System 5500 Series Routers IOS XR Software Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75266

Trust: 0.6

sources: CNVD: CNVD-2017-32489 // JVNDB: JVNDB-2017-008859 // CNNVD: CNNVD-201710-048

EXTERNAL IDS

db: NVD, id: CVE-2017-12270

Trust: 3.4

db: BID, id: 101171

Trust: 2.6

db: SECTRACK, id: 1039504

Trust: 1.7

db: JVNDB, id: JVNDB-2017-008859

Trust: 0.8

db: CNNVD, id: CNNVD-201710-048

Trust: 0.7

db: CNVD, id: CNVD-2017-32489

Trust: 0.6

db: VULHUB, id: VHN-102776

Trust: 0.1

sources: CNVD: CNVD-2017-32489 // VULHUB: VHN-102776 // BID: 101171 // JVNDB: JVNDB-2017-008859 // CNNVD: CNNVD-201710-048 // NVD: CVE-2017-12270

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171004-ncs

Trust: 2.6

url:http://www.securityfocus.com/bid/101171

Trust: 2.3

url:http://www.securitytracker.com/id/1039504

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12270

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12270

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-32489 // VULHUB: VHN-102776 // BID: 101171 // JVNDB: JVNDB-2017-008859 // CNNVD: CNNVD-201710-048 // NVD: CVE-2017-12270

CREDITS

Cisco.

Trust: 0.3

sources: BID: 101171

SOURCES

db: CNVD, id: CNVD-2017-32489
db: VULHUB, id: VHN-102776
db: BID, id: 101171
db: JVNDB, id: JVNDB-2017-008859
db: CNNVD, id: CNNVD-201710-048
db: NVD, id: CVE-2017-12270

LAST UPDATE DATE

2024-11-23T22:22:23.740000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-32489, date: 2017-11-02T00:00:00
db: VULHUB, id: VHN-102776, date: 2019-10-09T00:00:00
db: BID, id: 101171, date: 2017-10-04T00:00:00
db: JVNDB, id: JVNDB-2017-008859, date: 2017-10-30T00:00:00
db: CNNVD, id: CNNVD-201710-048, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12270, date: 2024-11-21T03:09:12.280

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-32489, date: 2017-11-02T00:00:00
db: VULHUB, id: VHN-102776, date: 2017-10-05T00:00:00
db: BID, id: 101171, date: 2017-10-04T00:00:00
db: JVNDB, id: JVNDB-2017-008859, date: 2017-10-30T00:00:00
db: CNNVD, id: CNNVD-201710-048, date: 2017-10-10T00:00:00
db: NVD, id: CVE-2017-12270, date: 2017-10-05T07:29:00.777