CVE-2017-12282

{"id": "CVE-2017-12282", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 1.6}]}, "published": "2017-11-02T16:29:00.647", "references": [{"url": "http://www.securityfocus.com/bid/101650", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039724", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-wlc4", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Access Network Query Protocol (ANQP) ingress frame processing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, Layer 2 RF-adjacent attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation of ANQP query frames by the affected device. An attacker could exploit this vulnerability by sending a malformed ANQP query frame to an affected device that is on an RF-adjacent network. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. This vulnerability affects Cisco Wireless LAN Controllers that are running a vulnerable release of Cisco WLC Software and are configured to support Hotspot 2.0. Cisco Bug IDs: CSCve05779."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de procesamiento de tramas entrantes de Access Network Query Protocol (ANQP) de Cisco Wireless LAN Controllers podr\u00eda permitir que un atacante no autenticado adyacente a la frecuencia de radio de Capa 2 provoque que el dispositivo afectado se reinicie de manera inesperada, provocando una denegaci\u00f3n de servicio (DoS) en consecuencia. Esta vulnerabilidad se debe a la validaci\u00f3n incompleta de los valores de entrada de las tramas de consulta ANQP por parte del dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una trama de consulta ANQP mal formada al dispositivo afectado. que est\u00e9 en la red adyacente a la frecuencia de radio. Si se explota con \u00e9xito, podr\u00eda permitir que el atacante consiga que el dispositivo afectado se reinicie de manera inesperada, provocando una denegaci\u00f3n de servicio. La vulnerabilidad afecta a Cisco Wireless LAN Controllers que ejecuten una distribuci\u00f3n vulnerable de Cisco WLC Software y que est\u00e9n configurados para ser compatibles con Hotspot 2.0. Cisco Bug IDs: CSCve05779."}], "lastModified": "2019-10-09T23:22:50.183", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wireless_lan_controller_software:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80814232-C66F-434C-B441-99133FFBD415"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wireless_lan_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AA6C4735-49D1-46CB-AED8-4DDFC5014FB4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}