CVE-2017-12236

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.

Una vulnerabilidad en la implementación de LISP (Locator/ID Separation Protocol) en Cisco IOS XE desde la versión 3.2 hasta la 16.5 podría permitir que un atacante remoto no autenticado utilice un túnel x del router para omitir los chequeos de autenticación realizados cuando se registra un EID (Endpoint Identifier) en un RLOC (Routing Locator) en MS/MR (Map Server/Map Resolver). Esta vulnerabilidad se debe a un error de lógica introducido mediante una regresión de código en el software afectado. Un atacante podría explotar esta vulnerabilidad enviando ciertas peticiones map-registration válidas, las cuales se aceptarían en el MS/MR incluso si las claves de autenticación no coinciden, al software aceptado. Si se explota correctamente, esta vulnerabilidad podría permitir que el atacante inyecte mapeos no válidos de los EID a los RLOC en el MS/MR del software afectado. Esta vulnerabilidad afecta a los dispositivos de Cisco que están configurados con LISP actuando como servidor de mapas IPv4 o IPv6. Esta vulnerabilidad afecta a las distribuciones Train 3.9E y Everest 16.4 del software de Cisco IOS XE. Cisco Bug IDs: CSCvc18008.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-03 CVE Reserved
2017-09-28 CVE Published
2023-03-31 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/101033	Third Party Advisory
http://www.securitytracker.com/id/1039448	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-lisp	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.2.0ja Search vendor "Cisco" for product "Ios Xe" and version "3.2.0ja"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				3.9.1e Search vendor "Cisco" for product "Ios Xe" and version "3.9.1e"		-		Affected
Cisco Search vendor "Cisco"		Ios Xe Search vendor "Cisco" for product "Ios Xe"				16.5.1c Search vendor "Cisco" for product "Ios Xe" and version "16.5.1c"		-		Affected