CVE-2017-12278

CVSS V2 Medium 5.2 CVSS V3 Medium 6.3
Description
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Wireless LAN Controllers could allow an authenticated, remote attacker to cause an affected device to restart, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory leak that occurs on an affected device after the device fails to deallocate a buffer that is used when certain MIBs are polled. An attacker who knows the SNMP Version 2 SNMP Read string or has valid SNMP Version 3 credentials for an affected device could repeatedly poll the affected MIB object IDs (OIDs) and consume available memory on the device. When memory is sufficiently depleted on the device, the device will restart, resulting in a DoS condition. Cisco Bug IDs: CSCvc71674.
Overview
  • CVE ID
  • CVE-2017-12278
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2017-11-02T16:29:00
  • Last Modified Date
  • 2019-10-09T23:22:49
Weakness Enumerations
CWE URL
CWE-772 http://cwe.mitre.org/data/definitions/772.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:cisco:wireless_lan_controller_software:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:A/AC:M/Au:S/C:N/I:N/A:C
  • Access Vector
  • ADJACENT_NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 5.2
  • Severity
  • MEDIUM
  • Exploitability Score
  • 4.4
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • CHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 6.3
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 1.8
  • Impact Score
  • 4
References
Reference URL Reference Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc1 Vendor Advisory
http://www.securitytracker.com/id/1039712 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/101642 Third Party Advisory VDB Entry
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2017-12278
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12278
History
Created Old Value New Value Data Type Notes
2022-05-10 17:12:04 Added to TrackCVE
2022-12-02 22:44:33 psirt@cisco.com ykramarz@cisco.com CVE Assigner updated
2022-12-02 22:44:33 2017-11-02T16:29Z 2017-11-02T16:29:00 CVE Published Date updated
2022-12-02 22:44:33 2019-10-09T23:22:49 CVE Modified Date updated
2022-12-02 22:44:33 Modified Vulnerability Status updated