cnvd - cnvd-2017-31982

CNVD-2017-31982

Vulnerability from cnvd - Published: 2017-10-30

Title

Cisco Catalyst 4000 Series Switches身份验证绕过漏洞

Description

Cisco Catalyst 4000 Series Switches是美国思科（Cisco）公司的一款4000系列交换机设备。IOS XE Software是其中的一个网络设备开发的操作系统。 Cisco Catalyst 4000 Series Switches中的IOS XE Software的动态访问列表（ACL）存在安全漏洞。物理位置临近的攻击者可利用该漏洞绕过802.1x身份验证，造成受影响的端口无法打开，并向受影响交换机端口的默认VLAN传输流量。

Severity

低

Patch Name

Cisco Catalyst 4000 Series Switches身份验证绕过漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc72751

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-12213 http://www.securityfocus.com/bid/100663

Impacted products

Name
['Cisco IOS 3.6(5)', 'Cisco Catalyst 4000']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "100663"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12213"
    }
  },
  "description": "Cisco Catalyst 4000 Series Switches\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e4000\u7cfb\u5217\u4ea4\u6362\u673a\u8bbe\u5907\u3002IOS XE Software\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 4000 Series Switches\u4e2d\u7684IOS XE Software\u7684\u52a8\u6001\u8bbf\u95ee\u5217\u8868\uff08ACL\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7802.1x\u8eab\u4efd\u9a8c\u8bc1\uff0c\u9020\u6210\u53d7\u5f71\u54cd\u7684\u7aef\u53e3\u65e0\u6cd5\u6253\u5f00\uff0c\u5e76\u5411\u53d7\u5f71\u54cd\u4ea4\u6362\u673a\u7aef\u53e3\u7684\u9ed8\u8ba4VLAN\u4f20\u8f93\u6d41\u91cf\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc72751",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-31982",
  "openTime": "2017-10-30",
  "patchDescription": "Cisco Catalyst 4000 Series Switches\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u6b3e4000\u7cfb\u5217\u4ea4\u6362\u673a\u8bbe\u5907\u3002IOS XE Software\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f51\u7edc\u8bbe\u5907\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Catalyst 4000 Series Switches\u4e2d\u7684IOS XE Software\u7684\u52a8\u6001\u8bbf\u95ee\u5217\u8868\uff08ACL\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u4e34\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7802.1x\u8eab\u4efd\u9a8c\u8bc1\uff0c\u9020\u6210\u53d7\u5f71\u54cd\u7684\u7aef\u53e3\u65e0\u6cd5\u6253\u5f00\uff0c\u5e76\u5411\u53d7\u5f71\u54cd\u4ea4\u6362\u673a\u7aef\u53e3\u7684\u9ed8\u8ba4VLAN\u4f20\u8f93\u6d41\u91cf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Catalyst 4000 Series Switches\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco IOS 3.6(5)",
      "Cisco Catalyst 4000"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12213\r\nhttp://www.securityfocus.com/bid/100663",
  "serverity": "\u4f4e",
  "submitTime": "2017-09-08",
  "title": "Cisco Catalyst 4000 Series Switches\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CVE-2017-12213 (GCVE-0-2017-12213)

Vulnerability from cvelistv5 – Published: 2017-09-07 21:00 – Updated: 2024-08-05 18:28

Summary

A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751.

Severity ?

No CVSS data available.

CWE

CWE-287

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039284	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/100663	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Cisco Catalyst 4000 Series Switches	Affected: Cisco Catalyst 4000 Series Switches

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:28:16.590Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat"
          },
          {
            "name": "1039284",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039284"
          },
          {
            "name": "100663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Catalyst 4000 Series Switches",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Catalyst 4000 Series Switches"
            }
          ]
        }
      ],
      "datePublic": "2017-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-09T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat"
        },
        {
          "name": "1039284",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039284"
        },
        {
          "name": "100663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100663"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Catalyst 4000 Series Switches",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Catalyst 4000 Series Switches"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-cat"
            },
            {
              "name": "1039284",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039284"
            },
            {
              "name": "100663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100663"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12213",
    "datePublished": "2017-09-07T21:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:28:16.590Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-31982

CVE-2017-12213 (GCVE-0-2017-12213)

Tags

Sightings

Nomenclature