Multiple vulnerabilities in Cisco IOS XE



Published: 2017-10-04
Risk: High
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2017-12239, CVE-2017-12236, CVE-2017-12222, CVE-2017-12226, CVE-2017-12228, CVE-2017-12240, CVE-2017-12237
CWE-ID: CWE-284, CWE-20, CWE-264, CWE-295, CWE-120
Exploitation vector: Network
Public exploit: Vulnerability #6 is being exploited in the wild. Vulnerability #7 is being exploited in the wild.
Vulnerable software: Cisco IOS XE (Operating systems & Components / Operating system)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU8687

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12239

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows an unauthenticated, physical attacker to bypass security restrictions on the target system.

The weakness exists because an engineering console port is available on the motherboard. An attacker can physically connect to the console port on the line card, bypass security restrictions and gain full access to the affected device's operating system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: 3.16 - 16.4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Authentication bypass

EUVDB-ID: #VU8688

Risk: Low

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12236

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication on the target system.

The weakness exists in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE Software due to a logic error introduced via a code regression. A remote attacker can send specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software and bypass authentication.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: 3.2 - 16.4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU8689

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12222

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause a DoS condition on the target system.

The weakness exists in the wireless controller manager of Cisco IOS XE Software due to insufficient input validation. An adjacent attacker can cause the switch to restart.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: 16.1 - 16.3.3

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU8690

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12226

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the web-based Wireless Controller GUI of Cisco IOS XE Software due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. A remote attacker can authenticate to the Wireless Controller GUI as a Lobby Administrator user, change the state or protocol for connection to the GUI, obtain administrator privileges and gain full control over the affected device.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: 3.7.0E - 3.7.5E

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ngwc


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper certificate validation

EUVDB-ID: #VU8681

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12228

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack.

The weakness exists due to insufficient certificate validation. A remote attacker can supply a crafted certificate, conduct a MitM attack and decrypt confidential information on user connections to the affected software.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: 3.3 - 16.4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU8683

Risk: High

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12240

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow condition in the DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software. A remote attacker can send a specially crafted DHCP Version 4 (DHCPv4) packet, execute arbitrary code and gain full control over the affected system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: All versions

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

7) Improper input validation

EUVDB-ID: #VU8682

Risk: Low

CVSSv3.1: 5.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-12237

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to an error when processing certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets to the device and cause high CPU utilization, traceback messages, or a device reload.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: 3.5 - 16.4.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


