Sign-up

ID

VAR-201710-0659


CVE

CVE-2017-12289


TITLE

Cisco IOS XE Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2017-009504

DESCRIPTION

A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implementation of IPsec conditional, verbose debug logging that causes sensitive information to be written to the log file. This information should be restricted. An attacker who has valid administrative credentials could exploit this vulnerability by authenticating to the device and enabling conditional, verbose debug logging for IPsec and viewing the log file. An exploit could allow the attacker to access sensitive information related to the IPsec configuration. Cisco Bug IDs: CSCvf12081. Cisco IOS XE The software contains an information disclosure vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvf12081 It is released as.Information may be obtained. Cisco IOSXESoftware is an operating system developed by Cisco Systems for its network devices

Trust: 2.52

sources: NVD: CVE-2017-12289 // JVNDB: JVNDB-2017-009504 // CNVD: CNVD-2017-32427 // BID: 101509 // VULHUB: VHN-102796

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-32427

AFFECTED PRODUCTS

vendor:ciscomodel:iosscope:lteversion:16.7.1

Trust: 1.0

vendor:ciscomodel:ios xe softwarescope:eqversion:0

Trust: 0.9

vendor:ciscomodel:iosscope:eqversion:16.7.1

Trust: 0.9

vendor:ciscomodel:iosscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2017-32427 // BID: 101509 // JVNDB: JVNDB-2017-009504 // CNNVD: CNNVD-201710-879 // NVD: CVE-2017-12289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12289
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12289
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-32427
value: LOW

Trust: 0.6

CNNVD: CNNVD-201710-879
value: MEDIUM

Trust: 0.6

VULHUB: VHN-102796
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2017-12289
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-32427
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-102796
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12289
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-32427 // VULHUB: VHN-102796 // JVNDB: JVNDB-2017-009504 // CNNVD: CNNVD-201710-879 // NVD: CVE-2017-12289

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-102796 // JVNDB: JVNDB-2017-009504 // NVD: CVE-2017-12289

THREAT TYPE

local

Trust: 0.9

sources: BID: 101509 // CNNVD: CNNVD-201710-879

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201710-879

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-009504

PATCH
title:cisco-sa-20171018-cisco-ios-xe1url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-cisco-ios-xe1
Trust: 0.8
title:Patch for Cisco IOSXESoftware Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105224
Trust: 0.6
title:Cisco IOS XE Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75862
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-32427 // 
            
            
            
            JVNDB: JVNDB-2017-009504 // 
            
            
            
            CNNVD: CNNVD-201710-879

EXTERNAL IDS
db:NVDid:CVE-2017-12289
Trust: 3.4
db:BIDid:101509
Trust: 2.6
db:SECTRACKid:1039628
Trust: 2.3
db:JVNDBid:JVNDB-2017-009504
Trust: 0.8
db:CNNVDid:CNNVD-201710-879
Trust: 0.7
db:CNVDid:CNVD-2017-32427
Trust: 0.6
db:VULHUBid:VHN-102796
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-32427 // 
            
            
            
            VULHUB: VHN-102796 // 
            
            
            
            BID: 101509 // 
            
            
            
            JVNDB: JVNDB-2017-009504 // 
            
            
            
            CNNVD: CNNVD-201710-879 // 
            
            
            
            NVD: CVE-2017-12289

REFERENCES
url:http://www.securityfocus.com/bid/101509
Trust: 2.3
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-cisco-ios-xe1
Trust: 2.0
url:http://www.securitytracker.com/id/1039628
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12289
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-12289
Trust: 0.8
url:https://securitytracker.com/id/1039628
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-32427 // 
            
            
            
            VULHUB: VHN-102796 // 
            
            
            
            BID: 101509 // 
            
            
            
            JVNDB: JVNDB-2017-009504 // 
            
            
            
            CNNVD: CNNVD-201710-879 // 
            
            
            
            NVD: CVE-2017-12289

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 101509

SOURCES
db:CNVDid:CNVD-2017-32427
db:VULHUBid:VHN-102796
db:BIDid:101509
db:JVNDBid:JVNDB-2017-009504
db:CNNVDid:CNNVD-201710-879
db:NVDid:CVE-2017-12289

LAST UPDATE DATE
2025-04-20T23:27:15.948000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-32427date:2017-11-02T00:00:00
db:VULHUBid:VHN-102796date:2019-10-09T00:00:00
db:BIDid:101509date:2017-10-18T00:00:00
db:JVNDBid:JVNDB-2017-009504date:2017-11-14T00:00:00
db:CNNVDid:CNNVD-201710-879date:2019-10-17T00:00:00
db:NVDid:CVE-2017-12289date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-32427date:2017-11-02T00:00:00
db:VULHUBid:VHN-102796date:2017-10-19T00:00:00
db:BIDid:101509date:2017-10-18T00:00:00
db:JVNDBid:JVNDB-2017-009504date:2017-11-14T00:00:00
db:CNNVDid:CNNVD-201710-879date:2017-10-27T00:00:00
db:NVDid:CVE-2017-12289date:2017-10-19T08:29:00.593