6.5

CVE-2017-12222

A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted association request. An exploit could allow the attacker to cause the switch to restart. This vulnerability affects Cisco Catalyst 3650 and 3850 switches running IOS XE Software versions 16.1 through 16.3.3, and acting as wireless LAN controllers (WLC). Cisco Bug IDs: CSCvd45069.

Data is provided by the National Vulnerability Database (NVD)
CiscoIos Xe Version16.1.1
CiscoIos Xe Version16.1.2
CiscoIos Xe Version16.1.3
CiscoIos Xe Version16.1.3a
CiscoIos Xe Version16.1.4
CiscoIos Xe Version16.2.1
CiscoIos Xe Version16.2.2
CiscoIos Xe Version16.2.2a
CiscoIos Xe Version16.2.3
CiscoIos Xe Version16.3.1
CiscoIos Xe Version16.3.1a
CiscoIos Xe Version16.3.2
CiscoIos Xe Version16.3.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.26% 0.461
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 6.1 6.5 6.9
AV:A/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/101035
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039458
Third Party Advisory
VDB Entry