2 matches found
Cisco IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability
According to its self-reported version, the Cisco IOS XE Software is affected by one or more vulnerabilities. Please see the included Cisco BIDs and the Cisco Security Advisory for more information. TRUSTED...
CVE-2017-12228
CVE-2017-12228 affects Cisco Network Plug and Play in Cisco IOS 12.4–15.6 and Cisco IOS XE 3.3–16.4. The root cause is insufficient certificate validation in the PKI API, allowing an unauthenticated remote attacker to supply a crafted certificate and perform MITM to decrypt user data. Exploitatio...