cnvd - cnvd-2017-31982

cnvd-2017-31982

Vulnerability from cnvd

Title: Cisco Catalyst 4000 Series Switches身份验证绕过漏洞

Description:

Cisco Catalyst 4000 Series Switches是美国思科（Cisco）公司的一款4000系列交换机设备。IOS XE Software是其中的一个网络设备开发的操作系统。

Cisco Catalyst 4000 Series Switches中的IOS XE Software的动态访问列表（ACL）存在安全漏洞。物理位置临近的攻击者可利用该漏洞绕过802.1x身份验证，造成受影响的端口无法打开，并向受影响交换机端口的默认VLAN传输流量。

Severity: 低

Patch Name: Cisco Catalyst 4000 Series Switches身份验证绕过漏洞的补丁

Patch Description:

Cisco Catalyst 4000 Series Switches是美国思科（Cisco）公司的一款4000系列交换机设备。IOS XE Software是其中的一个网络设备开发的操作系统。

Cisco Catalyst 4000 Series Switches中的IOS XE Software的动态访问列表（ACL）存在安全漏洞。物理位置临近的攻击者可利用该漏洞绕过802.1x身份验证，造成受影响的端口无法打开，并向受影响交换机端口的默认VLAN传输流量。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc72751

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12213 http://www.securityfocus.com/bid/100663

Impacted products

Name
['Cisco IOS 3.6(5)', 'Cisco Catalyst 4000']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100663"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12213"
    }
  },
  "description": "Cisco Catalyst 4000 Series Switches\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e4000\u7cfb\u5217\u4ea4\u6362\u673a\u8bbe\u5907\u3002IOS XE Software\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 4000 Series Switches\u4e2d\u7684IOS XE Software\u7684\u52a8\u6001\u8bbf\u95ee\u5217\u8868\uff08ACL\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7802.1x\u8eab\u4efd\u9a8c\u8bc1\uff0c\u9020\u6210\u53d7\u5f71\u54cd\u7684\u7aef\u53e3\u65e0\u6cd5\u6253\u5f00\uff0c\u5e76\u5411\u53d7\u5f71\u54cd\u4ea4\u6362\u673a\u7aef\u53e3\u7684\u9ed8\u8ba4VLAN\u4f20\u8f93\u6d41\u91cf\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc72751",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-31982",
  "openTime": "2017-10-30",
  "patchDescription": "Cisco Catalyst 4000 Series Switches\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e4000\u7cfb\u5217\u4ea4\u6362\u673a\u8bbe\u5907\u3002IOS XE Software\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 4000 Series Switches\u4e2d\u7684IOS XE Software\u7684\u52a8\u6001\u8bbf\u95ee\u5217\u8868\uff08ACL\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7802.1x\u8eab\u4efd\u9a8c\u8bc1\uff0c\u9020\u6210\u53d7\u5f71\u54cd\u7684\u7aef\u53e3\u65e0\u6cd5\u6253\u5f00\uff0c\u5e76\u5411\u53d7\u5f71\u54cd\u4ea4\u6362\u673a\u7aef\u53e3\u7684\u9ed8\u8ba4VLAN\u4f20\u8f93\u6d41\u91cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Catalyst 4000 Series Switches\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS 3.6(5)",
      "Cisco Catalyst 4000"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12213\r\nhttp://www.securityfocus.com/bid/100663",
  "serverity": "\u4f4e",
  "submitTime": "2017-09-08",
  "title": "Cisco Catalyst 4000 Series Switches\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-12213 (GCVE-0-2017-12213)

Vulnerability from cvelistv5

Published

2017-09-07 21:00

Modified

2024-08-05 18:28

Severity ?

CWE

CWE-287

Summary

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751.

References

▼	URL	Tags
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039284	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/100663	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco Catalyst 4000 Series Switches	Version: Cisco Catalyst 4000 Series Switches

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat"
          },
          {
            "name": "1039284",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039284"
          },
          {
            "name": "100663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Catalyst 4000 Series Switches",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Catalyst 4000 Series Switches"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat"
        },
        {
          "name": "1039284",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039284"
        },
        {
          "name": "100663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100663"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Catalyst 4000 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Catalyst 4000 Series Switches"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat"
            },
            {
              "name": "1039284",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039284"
            },
            {
              "name": "100663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100663"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12213",
    "datePublished": "2017-09-07T21:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted