CVE-2017-12222 - OpenCVE

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:A/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Ios Xe

Configuration 1 [-]

OR	cpe:2.3:o:cisco:ios_xe:16.1.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.1.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.1.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.1.3a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.1.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.2.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.2.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.2.2a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.2.3:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.1:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.2:::::::*
	cpe:2.3:o:cisco:ios_xe:16.3.3:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/101035	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039458	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2017-09-28T07:00:00

Updated: 2017-09-29T09:57:01

Reserved: 2017-08-03T00:00:00

Link: CVE-2017-12222

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-29T01:34:48.560

Modified: 2019-10-09T23:22:30.480

Link: CVE-2017-12222

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IOS XE"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-09-29T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe"}, {"name": "1039458", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039458"}, {"name": "101035", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101035"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12222", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE", "version": {"version_data": [{"version_value": "Cisco IOS XE"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe"}, {"name": "1039458", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039458"}, {"name": "101035", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101035"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12222", "datePublished": "2017-09-28T07:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2017-09-29T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0ED5527C-A638-4E20-9928-099E32E17743", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A685A9A-235D-4D74-9D6C-AC49E75709CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "43052998-0A27-4E83-A884-A94701A3F4CE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3a:*:*:*:*:*:*:*", "matchCriteriaId": "94AF08F8-5B1D-42A6-B333-84B9D9A14941", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "438B3809-0783-44AC-8BC6-0FD37E865E9E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "89526731-B712-43D3-B451-D7FC503D2D65", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "302933FE-4B6A-48A3-97F0-4B943251B717", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2a:*:*:*:*:*:*:*", "matchCriteriaId": "CCB6E477-C477-4CC3-B2E0-A870DA632C06", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "1778BBA8-0C04-4159-A1BD-6CD9CC0AAB49", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069."}, {"lang": "es", "value": "Una vulnerabilidad en el gestor de controladores de red inal\u00e1mbrica de CISCO IOS XE permite que un atacante adyacente sin autenticar haga que el switch se reinicie y provoque una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n de asociaci\u00f3n manipulada. Un exploit podr\u00eda permitir que el atacante provoque el reinicio del switch. Esta vulnerabilidad afecta a los switches de Cisco Catalyst 3650 y 3850 que ejecuten el software de IOS XE desde la versi\u00f3n 16.1 hasta la 16.3.3 y act\u00faen como controladores de conexiones WLAN (WLC). Cisco Bug IDs: CSCvd45069."}], "id": "CVE-2017-12222", "lastModified": "2019-10-09T23:22:30.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-29T01:34:48.560", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101035"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039458"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}