Details of VAR-201711-0350

ID

VAR-201711-0350

CVE

CVE-2017-12355

TITLE

Cisco IOS XR Software Resource Management Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010456

DESCRIPTION

A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332. Cisco IOS XR The software contains a resource management vulnerability. Vendors report this vulnerability Bug ID CSCvf76332 Published as.Denial of service (DoS) May be in a state

Trust: 1.98

sources: NVD: CVE-2017-12355 // JVNDB: JVNDB-2017-010456 // BID: 101989 // VULHUB: VHN-102869

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	6.4.1_base	Trust: 1.6
vendor:	cisco	model:	ios xr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	ios xr software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services routers 6.4.1.base	scope:	eq	version:	9000	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services routers 6.4.1.17i.base	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services routers 6.3.2.14i.base	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services routers 6.3.15.1i.base	scope:	ne	version:	9000	Trust: 0.3
vendor:	cisco	model:	asr series aggregation services routers 6.2.3.2i.base	scope:	ne	version:	9000	Trust: 0.3

sources: BID: 101989 // JVNDB: JVNDB-2017-010456 // CNNVD: CNNVD-201711-1211 // NVD: CVE-2017-12355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12355
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-12355
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201711-1211
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-102869
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-12355
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-102869
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-12355
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-102869 // JVNDB: JVNDB-2017-010456 // CNNVD: CNNVD-201711-1211 // NVD: CVE-2017-12355

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-102869 // JVNDB: JVNDB-2017-010456 // NVD: CVE-2017-12355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1211

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-1211

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010456

PATCH

title:	cisco-sa-20171129-ios-xr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr	Trust: 0.8
title:	Cisco IOS XR Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76830	Trust: 0.6

sources: JVNDB: JVNDB-2017-010456 // CNNVD: CNNVD-201711-1211

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12355	Trust: 2.8
db:	BID	id:	101989	Trust: 2.0
db:	SECTRACK	id:	1039927	Trust: 1.7
db:	JVNDB	id:	JVNDB-2017-010456	Trust: 0.8
db:	CNNVD	id:	CNNVD-201711-1211	Trust: 0.6
db:	VULHUB	id:	VHN-102869	Trust: 0.1

sources: VULHUB: VHN-102869 // BID: 101989 // JVNDB: JVNDB-2017-010456 // CNNVD: CNNVD-201711-1211 // NVD: CVE-2017-12355

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171129-ios-xr	Trust: 2.0
url:	http://www.securityfocus.com/bid/101989	Trust: 1.7
url:	http://www.securitytracker.com/id/1039927	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12355	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12355	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-102869 // BID: 101989 // JVNDB: JVNDB-2017-010456 // CNNVD: CNNVD-201711-1211 // NVD: CVE-2017-12355

CREDITS

Cisco

Trust: 0.3

sources: BID: 101989

SOURCES

db:	VULHUB	id:	VHN-102869
db:	BID	id:	101989
db:	JVNDB	id:	JVNDB-2017-010456
db:	CNNVD	id:	CNNVD-201711-1211
db:	NVD	id:	CVE-2017-12355

LAST UPDATE DATE

2024-11-23T22:26:35.963000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-102869	date:	2019-10-09T00:00:00
db:	BID	id:	101989	date:	2017-12-19T22:37:00
db:	JVNDB	id:	JVNDB-2017-010456	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-1211	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12355	date:	2024-11-21T03:09:22.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-102869	date:	2017-11-30T00:00:00
db:	BID	id:	101989	date:	2017-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-010456	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201711-1211	date:	2017-12-01T00:00:00
db:	NVD	id:	CVE-2017-12355	date:	2017-11-30T09:29:01.137