ID

VAR-201711-0304


CVE

CVE-2017-12275


TITLE

Cisco Wireless LAN Controller Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-009838

DESCRIPTION

A vulnerability in the implementation of 802.11v Basic Service Set (BSS) Transition Management functionality in Cisco Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of 802.11v BSS Transition Management Response packets that an affected device receives from wireless clients. An attacker could exploit this vulnerability by sending a malformed 802.11v BSS Transition Management Response packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload unexpectedly, resulting in a DoS condition. Cisco Bug IDs: CSCvb57803. Cisco Wireless LAN Controller contains an input validation vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvb57803. The affected device may be put into a service operation interruption (DoS) state. This product provides functions such as security policy and intrusion detection in wireless LANs.

Trust: 1.98

sources: NVD: CVE-2017-12275 // JVNDB: JVNDB-2017-009838 // BID: 101657 // VULHUB: VHN-102781

AFFECTED PRODUCTS

vendor: cisco model: wireless lan controller software scope: eq version: -

Trust: 1.6

vendor: cisco model: wireless lan controller software scope: - version: -

Trust: 0.8

vendor: cisco model: wireless lan controllers scope: eq version: 0

Trust: 0.3

vendor: cisco model: series wireless controllers scope: eq version: 55008.3(104.142)

Trust: 0.3

vendor: cisco model: series wireless controllers scope: eq version: 55008.2(121.0)

Trust: 0.3

vendor: cisco model: series wireless controllers scope: ne version: 55008.3(114.18)

Trust: 0.3

vendor: cisco model: series wireless controllers scope: ne version: 55008.3(111.0)

Trust: 0.3

vendor: cisco model: series wireless controllers scope: ne version: 55008.2(151.0)

Trust: 0.3

vendor: cisco model: series wireless controllers scope: ne version: 55008.2(145.64)

Trust: 0.3

sources: BID: 101657 // JVNDB: JVNDB-2017-009838 // CNNVD: CNNVD-201711-078 // NVD: CVE-2017-12275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12275
value: HIGH

Trust: 1.0

NVD: CVE-2017-12275
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-078
value: HIGH

Trust: 0.6

VULHUB: VHN-102781
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-12275
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-102781
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-12275
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-102781 // JVNDB: JVNDB-2017-009838 // CNNVD: CNNVD-201711-078 // NVD: CVE-2017-12275

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-102781 // JVNDB: JVNDB-2017-009838 // NVD: CVE-2017-12275

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-078

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201711-078

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009838

PATCH

title: cisco-sa-20171101-wlc2 url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc2

Trust: 0.8

title: Cisco Wireless LAN Controller Security vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76081

Trust: 0.6

sources: JVNDB: JVNDB-2017-009838 // CNNVD: CNNVD-201711-078

EXTERNAL IDS

db: NVD id: CVE-2017-12275

Trust: 2.8

db: BID id: 101657

Trust: 2.0

db: SECTRACK id: 1039713

Trust: 1.7

db: JVNDB id: JVNDB-2017-009838

Trust: 0.8

db: CNNVD id: CNNVD-201711-078

Trust: 0.7

db: VULHUB id: VHN-102781

Trust: 0.1

sources: VULHUB: VHN-102781 // BID: 101657 // JVNDB: JVNDB-2017-009838 // CNNVD: CNNVD-201711-078 // NVD: CVE-2017-12275

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171101-wlc2

Trust: 2.0

url:http://www.securityfocus.com/bid/101657

Trust: 1.7

url:http://www.securitytracker.com/id/1039713

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12275

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12275

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-102781 // BID: 101657 // JVNDB: JVNDB-2017-009838 // CNNVD: CNNVD-201711-078 // NVD: CVE-2017-12275

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101657

SOURCES

db: VULHUB id: VHN-102781
db: BID id: 101657
db: JVNDB id: JVNDB-2017-009838
db: CNNVD id: CNNVD-201711-078
db: NVD id: CVE-2017-12275

LAST UPDATE DATE

2025-04-20T23:15:51.796000+00:00


SOURCES UPDATE DATE

db: VULHUB id: VHN-102781 date: 2019-10-09T00:00:00
db: BID id: 101657 date: 2017-12-19T22:00:00
db: JVNDB id: JVNDB-2017-009838 date: 2017-11-24T00:00:00
db: CNNVD id: CNNVD-201711-078 date: 2019-10-17T00:00:00
db: NVD id: CVE-2017-12275 date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB id: VHN-102781 date: 2017-11-02T00:00:00
db: BID id: 101657 date: 2017-11-01T00:00:00
db: JVNDB id: JVNDB-2017-009838 date: 2017-11-24T00:00:00
db: CNNVD id: CNNVD-201711-078 date: 2017-11-03T00:00:00
db: NVD id: CVE-2017-12275 date: 2017-11-02T16:29:00.363