Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-12355 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco IOS XR Operating systems & Components / Operating system |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU9512
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12355
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to DoS condition on the target system.
The vulnerability exists in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software due to incomplete LPTS frame validation. A remote attacker can send specially crafted XML requests to the management interface cause one of the LPTS processes to restart unexpectedly.
Successful exploitation of the vulnerability results in denial of service.
The vulnerability is addressed in the following versions: 6.4.1.17, 6.3.15.1, 6.3.2.14, 6.2.3.2.
Cisco IOS XR: 6.4.1
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.