Vulnerability Details : CVE-2017-12355
A vulnerability in the Local Packet Transport Services (LPTS) ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service (DoS) condition. The vulnerability is due to incomplete LPTS frame validation by the affected software. An attacker could exploit this vulnerability by sending crafted XML requests to the management interface of an affected system. A successful exploit could allow the attacker to cause one of the LPTS processes on the affected system to restart unexpectedly, which would impact LPTS traffic and cause a brief DoS condition while the process restarts. Cisco Bug IDs: CSCvf76332.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2017-12355
- cpe:2.3:o:cisco:ios_xr:6.4.1_base:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-12355
- 0.16%: Probability of exploitation activity in the next 30 days
- ~52%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-12355
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2017-12355
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
- Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2017-12355
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ios-xr
  Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability (Vendor Advisory)
- http://www.securitytracker.com/id/1039927
  Cisco IOS XR LPTS Frame Validation Flaw Lets Remote Users Cause the Target Service to Reload - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/101989
  Cisco IOS XR Software CVE-2017-12355 Denial of Service Vulnerability (Third Party Advisory; VDB Entry)