{"containers": {"cna": {"affected": [{"product": "Cisco IOS XE", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco IOS XE"}]}], "datePublic": "2017-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "101033", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101033"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"}, {"name": "1039448", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039448"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12236", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IOS XE", "version": {"version_data": [{"version_value": "Cisco IOS XE"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287"}]}]}, "references": {"reference_data": [{"name": "101033", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101033"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"}, {"name": "1039448", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039448"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:16.612Z"}, "title": "CVE Program Container", "references": [{"name": "101033", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101033"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"}, {"name": "1039448", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039448"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12236", "datePublished": "2017-09-28T07:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-08-05T18:28:16.612Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:3.2.0ja:*:*:*:*:*:*:*", "matchCriteriaId": "52BC2A87-31EC-4E15-86E3-ECBEFA9E479A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:3.9.1e:*:*:*:*:*:*:*", "matchCriteriaId": "D5604A84-8240-45B6-9027-B03AA549CD5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:16.5.1c:*:*:*:*:*:*:*", "matchCriteriaId": "14B39732-D8FA-4E08-95FC-8F26C0BF8D0E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de LISP (Locator/ID Separation Protocol) en Cisco IOS XE desde la versi\u00f3n 3.2 hasta la 16.5 podr\u00eda permitir que un atacante remoto no autenticado utilice un t\u00fanel x del router para omitir los chequeos de autenticaci\u00f3n realizados cuando se registra un EID (Endpoint Identifier) en un RLOC (Routing Locator) en MS/MR (Map Server/Map Resolver). Esta vulnerabilidad se debe a un error de l\u00f3gica introducido mediante una regresi\u00f3n de c\u00f3digo en el software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando ciertas peticiones map-registration v\u00e1lidas, las cuales se aceptar\u00edan en el MS/MR incluso si las claves de autenticaci\u00f3n no coinciden, al software aceptado. Si se explota correctamente, esta vulnerabilidad podr\u00eda permitir que el atacante inyecte mapeos no v\u00e1lidos de los EID a los RLOC en el MS/MR del software afectado. Esta vulnerabilidad afecta a los dispositivos de Cisco que est\u00e1n configurados con LISP actuando como servidor de mapas IPv4 o IPv6. Esta vulnerabilidad afecta a las distribuciones Train 3.9E y Everest 16.4 del software de Cisco IOS XE. Cisco Bug IDs: CSCvc18008."}], "id": "CVE-2017-12236", "lastModified": "2024-11-21T03:09:05.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-29T01:34:48.937", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101033"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039448"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}