CVE-2017-12222

{"id": "CVE-2017-12222", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-09-29T01:34:48.560", "references": [{"url": "http://www.securityfocus.com/bid/101035", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039458", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ios-xe", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069."}, {"lang": "es", "value": "Una vulnerabilidad en el gestor de controladores de red inal\u00e1mbrica de CISCO IOS XE permite que un atacante adyacente sin autenticar haga que el switch se reinicie y provoque una denegaci\u00f3n de servicio (DoS) como consecuencia. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una petici\u00f3n de asociaci\u00f3n manipulada. Un exploit podr\u00eda permitir que el atacante provoque el reinicio del switch. Esta vulnerabilidad afecta a los switches de Cisco Catalyst 3650 y 3850 que ejecuten el software de IOS XE desde la versi\u00f3n 16.1 hasta la 16.3.3 y act\u00faen como controladores de conexiones WLAN (WLC). Cisco Bug IDs: CSCvd45069."}], "lastModified": "2019-10-09T23:22:30.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ED5527C-A638-4E20-9928-099E32E17743"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A685A9A-235D-4D74-9D6C-AC49E75709CA"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43052998-0A27-4E83-A884-A94701A3F4CE"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94AF08F8-5B1D-42A6-B333-84B9D9A14941"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "438B3809-0783-44AC-8BC6-0FD37E865E9E"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89526731-B712-43D3-B451-D7FC503D2D65"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "302933FE-4B6A-48A3-97F0-4B943251B717"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCB6E477-C477-4CC3-B2E0-A870DA632C06"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1778BBA8-0C04-4159-A1BD-6CD9CC0AAB49"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "296636F1-9242-429B-8472-90352C056106"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77993343-0394-413F-ABF9-C1215E9AD800"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "283971DD-DD58-4A76-AC2A-F316534ED416"}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8F324A5-4830-482E-A684-AB3B6594CEAE"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}