CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.0%
According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability due to insufficient input validation in the wireless controller manager. An unauthenticated, adjacent attacker can exploit this, by submitting a crated association request, to cause the switch to restart repeatedly and, consequently, stop responding.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#TRUSTED 1064656a1c0fe7ef7a9138055c32f500a0841feb5402942482c44c75fbf4a3dec7f54c250bbe04dd28bcff93133500eceb10ecbae4c1fb44d3a4321ce0c4ab06b5b7ab1029f7b1279f8d338e379d2ac78802ab3a146c6541dea31eca46e93733923e715d1b4859715e8037bd1e35cb4f8b9017289fa4195212f39eb4a6cc07d0ed343552075ee467f22d3f1bcde48633a66f9dc08f641f895afb61db183ee037e220b3b9f3e6f460199516aa0e1678f5992860b101550d104a801cdc437cfb58e17a34e634c9822133d283cc1128299510f1d7dd7938240e00514db50383d056cc6da936e5f4b1bd31f2f42ba453c73bacbb5e02d7fc99abe5ef20b71146b067e0c438d62f910e13f6e1f4a665b73c138c3e88cbaf777f99b77e8fe519936b338488c66073fb23de929a3728b2376d07cdf524984669ba7868b71348796e2863e8799a6b644053937350f10621571f618e41f2c617c1cd1712451b39bc17f97b7ece3f3485249c5c53a563257a29917e06bcfc91cd9f58f1db105997744b985d0156c225f58ce561cc50e59cb48679a438179bd5878644badae65aa2c4ccf47f18337dc6e0ee1dabc0809991ed87432b084738ddaedf8a796f21129d4d334583e484a2a1e494ed3ee39e5cbb350802c607b8aa6aa0cc8ff68e67e895b60aab5f67936c9c25926fe50d54a46c14e3d64e12735b7dab31bd263463c3f7b730da4a
#TRUST-RSA-SHA256 4b2a2db60da21eb96c094fce94c05ff4268db3db673e03dc65b0c8b406cbc218cfb786097edbfcf0ef1a08523c3170b26ba378677161abac83db47de89d72cf1f10f3cd847c141d7be2e875a1ca2ccc1b001dfb9ab2fe2bd8fb0e97f5bb566e2b24d13f1cdd56410d49e145ee62230ef93df77b9c2e5f37e6deaf4197e27920079d549e8d180001106533e2b212ebedaf9fb3d38f2067524694eee6808fe8e242692b1050552dde97db63fc948d5a530b18b87860bfcd875448e9a7bde5620b2bc5d80c6bd37536a8c491bd10166697165e2eb82238c74bf3a86cb17b2bfa1dadc179f52dd8c0b2ca9b37873b2eb8a01da63c462a95e5bbbdb9772f5c05b8f56eff63122e087087e88ae5c45abeedcae2aced087ca81b4e21d010e9a55420afd3c84f0feb452602ac42a90827615ab0175c7dfc7e2aeadbd347f0c39d9eb93aa6ced937a64f50b86e90fa48786e24c41670352e16839db0c976e8943f0f3ff006028619500be418ccf73fc88ea91e7fda4e02fbba326ab8ee44dbe347e62b88903e3b29aac15c600cbfc14c32d3ab5289ec6fbb15a240574070fffb5d5177f44dbc9b2eb2b656bbfae71534ac1f5c58e57e6df2bc0f238d3f0a07629f8b4024933616233e7acec9655ff0e0ee3a490fd9714bc5b82cd0b13f515fd9bc56ada7180930586f967cb6cee69174d12b9320e9798cf6357f5cb04258d38001f89d41b
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(131192);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/03");
script_cve_id("CVE-2017-12222");
script_bugtraq_id(101035);
script_xref(name:"CISCO-BUG-ID", value:"CSCvd45069");
script_xref(name:"CISCO-SA", value:"cisco-sa-20170927-ios-xe");
script_name(english:"Cisco IOS XE Wireless Controller Manager DoS (cisco-sa-20170927-ios-xe)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco IOS XE Software is affected by a denial of service (DoS) vulnerability
due to insufficient input validation in the wireless controller manager. An unauthenticated, adjacent attacker can
exploit this, by submitting a crated association request, to cause the switch to restart repeatedly and, consequently,
stop responding.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2904d654");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd45069");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID(s) CSCvd45069.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12222");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/28");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ios_xe");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_ios_xe_version.nasl");
script_require_keys("Host/Cisco/IOS-XE/Version");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco IOS XE Software');
model = get_kb_item('Host/Cisco/IOS-XE/Model');
device_model = get_kb_item_or_exit('Host/Cisco/device_model');
# Affected models:
# Cisco Catalyst 3650 and 3850 switches
# A previous advisory had the last two digits both 0 for Catalyst even though more precision was specified in the
# advisory, so do the same here.
vuln = FALSE;
if (device_model =~ "cat" &&
product_info.model =~ "3[68][0-9]{2}")
vuln = TRUE;
# The 'show version' output from the advisory contains no model. In case we don't have a model match but paranoia is
# enabled, we'll continue to report.
if (!vuln && report_paranoia < 2)
audit(AUDIT_HOST_NOT, "affected");
vuln_ranges = [{'min_ver' : '16.1', 'fix_ver' : '16.3.4'}];
workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
workaround_params = WORKAROUND_CONFIG['wlc_interface'];
reporting = make_array(
'port' , product_info['port'],
'severity' , SECURITY_WARNING,
'version' , product_info.version,
'bug_id' , 'CSCvd45069',
'cmds' , make_list('show wireless interface summary')
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_ranges,
workarounds:workarounds,
workaround_params:workaround_params,
switch_only:TRUE
);
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:A/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
42.0%