Lucene search

[email protected]CVE-2017-12239

HistorySep 29, 2017 - 1:34 a.m.

CVE-2017-12239

2017-09-2901:34:49

CWE-798

CWE-264

[email protected]

web.nvd.nist.gov

cisco

asr 1000

cbr-8

router

vulnerability

cve-2017-12239

nvd

security

networking

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

A vulnerability in motherboard console ports of line cards for Cisco ASR 1000 Series Aggregation Services Routers and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to access an affected device’s operating system. The vulnerability exists because an engineering console port is available on the motherboard of the affected line cards. An attacker could exploit this vulnerability by physically connecting to the console port on the line card. A successful exploit could allow the attacker to gain full access to the affected device’s operating system. This vulnerability affects only Cisco ASR 1000 Series Routers that have removable line cards and Cisco cBR-8 Converged Broadband Routers, if they are running certain Cisco IOS XE 3.16 through 16.5 releases. Cisco Bug IDs: CSCvc65866, CSCve77132.

Affected configurations

NVD

Node

ciscoios_xeMatch3.13.0as

ciscoios_xeMatch3.13.0s

ciscoios_xeMatch3.13.1s

ciscoios_xeMatch3.13.2as

ciscoios_xeMatch3.13.2s

ciscoios_xeMatch3.13.3s

ciscoios_xeMatch3.13.4s

ciscoios_xeMatch3.13.5as

ciscoios_xeMatch3.13.5s

ciscoios_xeMatch3.13.6as

ciscoios_xeMatch3.13.6s

ciscoios_xeMatch3.14.0s

ciscoios_xeMatch3.14.1s

ciscoios_xeMatch3.14.2s

ciscoios_xeMatch3.14.3s

ciscoios_xeMatch3.14.4s

ciscoios_xeMatch3.15.0s

ciscoios_xeMatch3.15.1cs

ciscoios_xeMatch3.15.1s

ciscoios_xeMatch3.15.2s

ciscoios_xeMatch3.15.3s

ciscoios_xeMatch3.15.4s

ciscoios_xeMatch3.16.0as

ciscoios_xeMatch3.16.0bs

ciscoios_xeMatch3.16.0cs

ciscoios_xeMatch3.16.0s

ciscoios_xeMatch3.16.1as

ciscoios_xeMatch3.16.1s

ciscoios_xeMatch3.16.2as

ciscoios_xeMatch3.16.2bs

ciscoios_xeMatch3.16.2s

ciscoios_xeMatch3.16.3as

ciscoios_xeMatch3.16.3s

ciscoios_xeMatch3.16.4as

ciscoios_xeMatch3.16.4bs

ciscoios_xeMatch3.16.4cs

ciscoios_xeMatch3.16.4ds

ciscoios_xeMatch3.16.4es

ciscoios_xeMatch3.16.4gs

ciscoios_xeMatch3.16.4s

ciscoios_xeMatch3.16.5as

ciscoios_xeMatch3.16.5bs

ciscoios_xeMatch3.16.5s

ciscoios_xeMatch3.17.0s

ciscoios_xeMatch3.17.1as

ciscoios_xeMatch3.17.1s

ciscoios_xeMatch3.17.2s

ciscoios_xeMatch3.17.3s

ciscoios_xeMatch3.18.0as

ciscoios_xeMatch3.18.0s

ciscoios_xeMatch3.18.0sp

ciscoios_xeMatch3.18.1asp

ciscoios_xeMatch3.18.1bsp

ciscoios_xeMatch3.18.1csp

ciscoios_xeMatch3.18.1gsp

ciscoios_xeMatch3.18.1hsp

ciscoios_xeMatch3.18.1isp

ciscoios_xeMatch3.18.1s

ciscoios_xeMatch3.18.1sp

ciscoios_xeMatch3.18.2asp

ciscoios_xeMatch3.18.2s

ciscoios_xeMatch3.18.2sp

ciscoios_xeMatch16.3.1a

ciscoios_xeMatch16.3.5b

ciscoios_xeMatch16.3.6

ciscoios_xeMatch16.3.7

ciscoios_xeMatch16.3.8

ciscoios_xeMatch16.3.9

ciscoios_xeMatch16.3.10

ciscoios_xeMatch16.3.11

ciscoios_xeMatch16.4.3

ciscoios_xeMatch16.5.1

ciscoios_xeMatch16.9.3a

ciscoios_xeMatch16.9.3s

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq3.13.0as
cisco:ios_xecisco ios xeeq3.13.0s
cisco:ios_xecisco ios xeeq3.13.1s
cisco:ios_xecisco ios xeeq3.13.2as
cisco:ios_xecisco ios xeeq3.13.2s
cisco:ios_xecisco ios xeeq3.13.3s
cisco:ios_xecisco ios xeeq3.13.4s
cisco:ios_xecisco ios xeeq3.13.5as
cisco:ios_xecisco ios xeeq3.13.5s
cisco:ios_xecisco ios xeeq3.13.6as

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	3.13.0as
cisco:ios_xe	cisco ios xe	eq	3.13.0s
cisco:ios_xe	cisco ios xe	eq	3.13.1s
cisco:ios_xe	cisco ios xe	eq	3.13.2as
cisco:ios_xe	cisco ios xe	eq	3.13.2s
cisco:ios_xe	cisco ios xe	eq	3.13.3s
cisco:ios_xe	cisco ios xe	eq	3.13.4s
cisco:ios_xe	cisco ios xe	eq	3.13.5as
cisco:ios_xe	cisco ios xe	eq	3.13.5s
cisco:ios_xe	cisco ios xe	eq	3.13.6as

Rows per page:

1-10 of 741

CNA Affected

[
  {
    "product": "Cisco IOS XE",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco IOS XE"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101042

www.securitytracker.com/id/1039454

www.securitytracker.com/id/1039455

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cc

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.4%

JSON

Related for CVE-2017-12239

nessus1 prion1 cvelist1 nvd1 cisco1