CVE-2017-12279Sensitive Information Exposure in Cisco IOS

CWE-200Sensitive Information Exposure4 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 69.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedNov 2
Latest updateMay 13

Description

A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to insufficient condition checks that are performed by the affected device when the device adds padding to egress packets. An attacker could exploit this vulnerability by sending a crafted IP packet to an a

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

ciscocisco/ios

🔴Vulnerability Details

1
GHSA
GHSA-cpcj-gq92-47mr: A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker2022-05-13

📋Vendor Advisories

2
Cisco
Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability2017-11-01
Cisco
Cisco IOS Software for Cisco Aironet Access Points Information Disclosure Vulnerability