CVE-2017-12236Improper Authentication in Cisco IOS XE

CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
3.3%
top 12.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XE
Timeline
PublishedSep 29
Latest updateMay 13

Description

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sendi

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDcisco/ios_xe16.5.1c, 3.2.0ja, 3.9.1e+2

🔴Vulnerability Details

2
GHSA
GHSA-c79j-mjvv-wx7f: A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 32022-05-13
CVEList
CVE-2017-12236: A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 32017-09-28

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability2017-09-27
CVE-2017-12236 — Improper Authentication in Cisco | cvebase