What is the severity of CVE-2017-12236?

CVE-2017-12236 has a critical severity rating due to its potential for unauthenticated remote exploitation.

How do I fix CVE-2017-12236?

The fix for CVE-2017-12236 involves upgrading to a patched version of Cisco IOS XE that is not vulnerable.

What products are affected by CVE-2017-12236?

CVE-2017-12236 affects specific versions of Cisco IOS XE, including versions 3.2.0ja, 3.9.1e, and 16.5.1c.

What type of attack is possible with CVE-2017-12236?

CVE-2017-12236 can allow an attacker to bypass authentication checks when registering an Endpoint Identifier to a Routing Locator.

Is authentication required to exploit CVE-2017-12236?

No, CVE-2017-12236 can be exploited by unauthenticated remote attackers.

Vulnerability/
CVE-2017-12236

critical

9.8

CWE

287

29/9/2017

9/10/2019

CVE-2017-12236

First published: Fri Sep 29 2017(Updated: )

A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability is due to a logic error introduced via a code regression for the affected software. An attacker could exploit this vulnerability by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match, to the affected software. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR of the affected software. This vulnerability affects Cisco devices that are configured with LISP acting as an IPv4 or IPv6 map server. This vulnerability affects Cisco IOS XE Software release trains 3.9E and Everest 16.4. Cisco Bug IDs: CSCvc18008.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco IOS XE Web UI	=3.2.0ja
Cisco IOS XE Web UI	=3.9.1e
Cisco IOS XE Web UI	=16.5.1c

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-12236?
CVE-2017-12236 has a critical severity rating due to its potential for unauthenticated remote exploitation.
How do I fix CVE-2017-12236?
The fix for CVE-2017-12236 involves upgrading to a patched version of Cisco IOS XE that is not vulnerable.
What products are affected by CVE-2017-12236?
CVE-2017-12236 affects specific versions of Cisco IOS XE, including versions 3.2.0ja, 3.9.1e, and 16.5.1c.
What type of attack is possible with CVE-2017-12236?
CVE-2017-12236 can allow an attacker to bypass authentication checks when registering an Endpoint Identifier to a Routing Locator.
Is authentication required to exploit CVE-2017-12236?
No, CVE-2017-12236 can be exploited by unauthenticated remote attackers.

agent/type
agent/last-modified-date
agent/softwarecombine
agent/event
agent/severity
agent/author
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco ios xe web ui
version/cisco ios xe web ui/3.2.0ja
version/cisco ios xe web ui/3.9.1e
version/cisco ios xe web ui/16.5.1c

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.