Multiple vulnerabilities in Cisco IOS



Published: 2017-10-04
Risk: High
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2017-12228, CVE-2017-12237, CVE-2017-12240, CVE-2017-12233, CVE-2017-12234, CVE-2017-12231
CWE-ID: CWE-295, CWE-20, CWE-120
Exploitation vector: Network
Public exploit:
Vulnerability #2 is being exploited in the wild.
Vulnerability #3 is being exploited in the wild.
Vulnerability #4 is being exploited in the wild.
Vulnerability #5 is being exploited in the wild.
Vulnerability #6 is being exploited in the wild.
Vulnerable software: Cisco IOS (Operating systems & Components / Operating system)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Improper certificate validation

EUVDB-ID: #VU8681

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12228

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists due to insufficient certificate validation. A remote attacker can supply a crafted certificate, conduct a MitM attack and decrypt confidential information on user connections to the affected software.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS: 12.4 - 15.5SN

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU8682

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12237

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to an error when processing certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets to the device and cause high CPU utilization, traceback messages, or a device reload.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS: 15.0 - 15.5SN

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Buffer overflow

EUVDB-ID: #VU8683

Risk: High

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12240

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow condition in the DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software. A remote attacker can send a specially crafted DHCP Version 4 (DHCPv4) packet, execute arbitrary code and gain full control over the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS: 12.2 - 15.5SN

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Improper input validation

EUVDB-ID: #VU8684

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12233

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to an error in the implementation of the Common Industrial Protocol (CIP) feature. A remote attacker can send specially crafted CIP packets and cause the device to reload.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS: 12.0 - 15.6.2 SP

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

5) Improper input validation

EUVDB-ID: #VU8685

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12234

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to an error in the implementation of the Common Industrial Protocol (CIP) feature. A remote attacker can send specially crafted CIP packets and cause the device to reload.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS: 12.0 - 15.6.2 SP

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

6) Improper input validation

EUVDB-ID: #VU8686

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12231

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol. A remote attacker can send a specially crafted H.323 RAS packet and cause the device to reload or crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS: 12.0 - 15.6.2 SP

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.
