ID

VAR-201711-0307


CVE

CVE-2017-12278


TITLE

Cisco Wireless LAN Controller Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009841

DESCRIPTION

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674. Cisco Wireless LAN Controller contains a resource management vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvc71674. The device may be put into a service operation interruption (DoS) state. The product provides security policy, intrusion detection and other functions in the wireless LAN. Simple Network Management Protocol (SNMP) is a simple network management subsystem used to exchange network device management information. A denial of service vulnerability exists in the Cisco Wireless LAN Controller Simple Network Management Protocol subsystem.

Trust: 2.52

sources: NVD: CVE-2017-12278 // JVNDB: JVNDB-2017-009841 // CNVD: CNVD-2017-34239 // BID: 101642 // VULHUB: VHN-102784

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-34239

AFFECTED PRODUCTS

vendor: cisco model: wireless lan controller software scope: eq version: -

Trust: 1.6

vendor: cisco model: wireless lan controller software scope: - version: -

Trust: 0.8

vendor: cisco model: wireless lan controller scope: - version: -

Trust: 0.6

vendor: cisco model: wireless lan controllers scope: eq version: 57600

Trust: 0.3

vendor: cisco model: series wireless controllers scope: eq version: 55008.3(102.15)

Trust: 0.3

vendor: cisco model: series wireless controllers scope: eq version: 55008.2(130.202)

Trust: 0.3

sources: CNVD: CNVD-2017-34239 // BID: 101642 // JVNDB: JVNDB-2017-009841 // CNNVD: CNNVD-201711-075 // NVD: CVE-2017-12278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12278
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12278
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-34239
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201711-075
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102784
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12278
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:M/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34239
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102784
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:M/AU:S/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 4.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12278
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-34239 // VULHUB: VHN-102784 // JVNDB: JVNDB-2017-009841 // CNNVD: CNNVD-201711-075 // NVD: CVE-2017-12278

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.1

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-102784 // JVNDB: JVNDB-2017-009841 // NVD: CVE-2017-12278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-075

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201711-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009841

PATCH

title: cisco-sa-20171101-wlc1 url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1

Trust: 0.8

title: Patch for the Cisco Wireless LAN Controller Simple Network Management Protocol Subsystem Denial of Service Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/106233

Trust: 0.6

title: Cisco Wireless LAN Controller Simple Network Management Protocol Subsystem security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76123

Trust: 0.6

sources: CNVD: CNVD-2017-34239 // JVNDB: JVNDB-2017-009841 // CNNVD: CNNVD-201711-075

EXTERNAL IDS

db: NVD id: CVE-2017-12278

Trust: 3.4

db: BID id: 101642

Trust: 2.6

db: SECTRACK id: 1039712

Trust: 1.7

db: JVNDB id: JVNDB-2017-009841

Trust: 0.8

db: CNNVD id: CNNVD-201711-075

Trust: 0.7

db: CNVD id: CNVD-2017-34239

Trust: 0.6

db: VULHUB id: VHN-102784

Trust: 0.1

sources: CNVD: CNVD-2017-34239 // VULHUB: VHN-102784 // BID: 101642 // JVNDB: JVNDB-2017-009841 // CNNVD: CNNVD-201711-075 // NVD: CVE-2017-12278

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-wlc1

Trust: 2.6

url:http://www.securityfocus.com/bid/101642

Trust: 1.7

url:http://www.securitytracker.com/id/1039712

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12278

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12278

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2017-34239 // VULHUB: VHN-102784 // BID: 101642 // JVNDB: JVNDB-2017-009841 // CNNVD: CNNVD-201711-075 // NVD: CVE-2017-12278

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101642

SOURCES

db: CNVD id: CNVD-2017-34239
db: VULHUB id: VHN-102784
db: BID id: 101642
db: JVNDB id: JVNDB-2017-009841
db: CNNVD id: CNNVD-201711-075
db: NVD id: CVE-2017-12278

LAST UPDATE DATE

2024-11-23T21:40:11.069000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2017-34239 date: 2017-11-17T00:00:00
db: VULHUB id: VHN-102784 date: 2019-10-09T00:00:00
db: BID id: 101642 date: 2017-12-19T21:00:00
db: JVNDB id: JVNDB-2017-009841 date: 2017-11-24T00:00:00
db: CNNVD id: CNNVD-201711-075 date: 2019-10-17T00:00:00
db: NVD id: CVE-2017-12278 date: 2024-11-21T03:09:13.193

SOURCES RELEASE DATE

db: CNVD id: CNVD-2017-34239 date: 2017-11-17T00:00:00
db: VULHUB id: VHN-102784 date: 2017-11-02T00:00:00
db: BID id: 101642 date: 2017-11-01T00:00:00
db: JVNDB id: JVNDB-2017-009841 date: 2017-11-24T00:00:00
db: CNNVD id: CNNVD-201711-075 date: 2017-11-06T00:00:00
db: NVD id: CVE-2017-12278 date: 2017-11-02T16:29:00.490