CVE-2017-12236
Published 2017-09-29
Priority: P266
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.12% (86.2th percentile)
A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ios_xe | — | — |
| cisco | ios_xe | — | — |
| cisco | ios_xe | — | — |
| cisco | ios_xe | — | — |
Detection & IOCs
- Detect unauthenticated LISP map-registration requests sent to a map server/map resolver (MS/MR) where authentication keys do not match but the request is accepted — indicative of CVE-2017-12236 exploitation
- Monitor for unexpected or invalid EID-to-RLOC mapping injections in the LISP map server/map resolver, which may indicate successful exploitation of the authentication bypass
- Focus detection on Cisco IOS XE devices configured as LISP IPv4 or IPv6 map servers running release trains 3.9E or Everest 16.4, as these are the confirmed vulnerable versions
- Flag LISP map-registration traffic originating from an 'x tunnel router' (xTR) that successfully registers EID-RLOC mappings despite mismatched authentication credentials
- Vulnerability is only exploitable on Cisco IOS XE devices explicitly configured with LISP in the map server/map resolver (MS/MR) role for IPv4 or IPv6; devices not running LISP or not acting as MS/MR are not affected
- The vulnerability is scoped to IOS XE release trains 3.9E and Everest 16.4 specifically; other release trains within the broader 3.2–16.5 range may not be affected
- There are no workarounds available for this vulnerability; mitigation requires applying Cisco's software updates
- The root cause is a logic error introduced by a code regression, meaning the flaw is specific to the affected release trains and not a fundamental LISP protocol weakness
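CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | | 8.3 | HIGH | |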
Cisco
Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability
vendor_cisco · 2017-09-27 · CVSS 8.3 · HIGH · CWE-287
Cisco
Cisco IOS XE Software Locator/ID Separation Protocol Authentication Bypass Vulnerability
vendor_cisco·CVSS 3.0
GHSA
GHSA-c79j-mjvv-wx7f: A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3
ghsa_unreviewed · 2022-05-13 · CRITICAL · CWE-287
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/101033
- http://www.securitytracker.com/id/1039448
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp