Lucene search

CiscoCVE-2017-12222

HistorySep 29, 2017 - 1:34 a.m.

CVE-2017-12222

2017-09-2901:34:48

CWE-20

CWE-399

cisco

web.nvd.nist.gov

cisco

ios xe

vulnerability

cisco catalyst 3650

cisco catalyst 3850

dos

wireless controller

nvd

cve-2017-12222

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.0%

JSON

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.

Affected configurations

Nvd

Node

ciscoios_xeMatch16.1.1

ciscoios_xeMatch16.1.2

ciscoios_xeMatch16.1.3

ciscoios_xeMatch16.1.3a

ciscoios_xeMatch16.1.4

ciscoios_xeMatch16.2.1

ciscoios_xeMatch16.2.2

ciscoios_xeMatch16.2.2a

ciscoios_xeMatch16.2.3

ciscoios_xeMatch16.3.1

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.2

ciscoios_xeMatch16.3.3

VendorProductVersionCPE
ciscoios_xe16.1.1cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*
ciscoios_xe16.1.2cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*
ciscoios_xe16.1.3cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*
ciscoios_xe16.1.3acpe:2.3:o:cisco:ios_xe:16.1.3a:*:*:*:*:*:*:*
ciscoios_xe16.1.4cpe:2.3:o:cisco:ios_xe:16.1.4:*:*:*:*:*:*:*
ciscoios_xe16.2.1cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*
ciscoios_xe16.2.2cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*
ciscoios_xe16.2.2acpe:2.3:o:cisco:ios_xe:16.2.2a:*:*:*:*:*:*:*
ciscoios_xe16.2.3cpe:2.3:o:cisco:ios_xe:16.2.3:*:*:*:*:*:*:*
ciscoios_xe16.3.1cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe	16.1.1	cpe:2.3:o:cisco:ios_xe:16.1.1:::::::*
cisco	ios_xe	16.1.2	cpe:2.3:o:cisco:ios_xe:16.1.2:::::::*
cisco	ios_xe	16.1.3	cpe:2.3:o:cisco:ios_xe:16.1.3:::::::*
cisco	ios_xe	16.1.3a	cpe:2.3:o:cisco:ios_xe:16.1.3a:::::::*
cisco	ios_xe	16.1.4	cpe:2.3:o:cisco:ios_xe:16.1.4:::::::*
cisco	ios_xe	16.2.1	cpe:2.3:o:cisco:ios_xe:16.2.1:::::::*
cisco	ios_xe	16.2.2	cpe:2.3:o:cisco:ios_xe:16.2.2:::::::*
cisco	ios_xe	16.2.2a	cpe:2.3:o:cisco:ios_xe:16.2.2a:::::::*
cisco	ios_xe	16.2.3	cpe:2.3:o:cisco:ios_xe:16.2.3:::::::*
cisco	ios_xe	16.3.1	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "Cisco IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101035

www.securitytracker.com/id/1039458

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

42.0%

JSON

Related for CVE-2017-12222