CVE-2017-12222Improper Input Validation in Cisco IOS XE

CWE-399CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 50.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedSep 29
Latest updateMay 13

Description

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE So

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios_xe13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-h5jp-68rm-94gf: A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch2022-05-13
CVEList
CVE-2017-12222: A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch2017-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS XE Wireless Controller Manager Denial of Service Vulnerability2017-09-27
CVE-2017-12222 — Improper Input Validation in Cisco | cvebase