CVE-2017-12226Improper Input Validation in Cisco IOS XE

CWE-264CWE-20Improper Input Validation4 documents4 sources
Severity
8.8HIGHNVD
EPSS
4.0%
top 11.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedSep 29
Latest updateMay 13

Description

A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco New Generation Wireless Controllers (NGWC) 3850 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due to incomplete input validation of HTTP requests by the affected GUI, if the GUI connection state or protocol changes. An attacker cou

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDcisco/ios_xe6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-4768-jwrj-c8p2: A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Superv2022-05-13
CVEList
CVE-2017-12226: A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Superv2017-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Cisco 5760 WLC, Cisco Catalyst 4500E Supervisor Engine 8-E, and Cisco NGWC 3850 GUI Privilege Escalation Vulnerability2017-09-27
CVE-2017-12226 — Improper Input Validation in Cisco | cvebase