Vulnerability Description
A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe | 16.1.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101035Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039458Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/101035Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039458Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2017-12222?
CVE-2017-12222 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition....
How severe is CVE-2017-12222?
CVE-2017-12222 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12222?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe.