CVE-2017-12228
Published: Sep 29, 2017Modified: May 13, 2026
5.9
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.2 / Impact: 3.6
Source: NVD
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.
Affected (581)
Configuration A581 vulnerable
| Vulnerable Software | Affected Versions |
|---|---|
| Version 12.4(25e)jao20s | |
| Version 12.4(25e)jao3a | |
| Version 12.4(25e)jap1n | |
| Version 12.4(25e)jap9 | |
| Version 15.0(2)ej1 | |
| Version 15.0(2)ej | |
| Version 15.0(2)ex10 | |
| Version 15.0(2)ex13 | |
| Version 15.0(2)ex1 | |
| Version 15.0(2)ex2 | |
| Version 15.0(2)ex3 | |
| Version 15.0(2)ex4 | |
| Version 15.0(2)ex5 | |
| Version 15.0(2)ex8 | |
| Version 15.0(2)ex | |
| Version 15.0(2)ez | |
| Version 15.0(2)se10 | |
| Version 15.0(2)se10a | |
| Version 15.0(2)se1 | |
| Version 15.0(2)se2 | |
| Version 15.0(2)se3 | |
| Version 15.0(2)se4 | |
| Version 15.0(2)se5 | |
| Version 15.0(2)se6 | |
| Version 15.0(2)se7 | |
| Version 15.0(2)se8 | |
| Version 15.0(2)se9 | |
| Version 15.0(2)sqd7 | |
| Version 15.0(2a)ex5 | |
| Version 15.0(2a)se9 | |
| Version 15.1(1)sy1 | |
| Version 15.1(1)sy2 | |
| Version 15.1(1)sy3 | |
| Version 15.1(1)sy4 | |
| Version 15.1(1)sy5 | |
| Version 15.1(1)sy6 | |
| Version 15.1(1)sy | |
| Version 15.1(2)sg7a | |
| Version 15.1(2)sy10 | |
| Version 15.1(2)sy1 | |
| Version 15.1(2)sy2 | |
| Version 15.1(2)sy3 | |
| Version 15.1(2)sy4 | |
| Version 15.1(2)sy4a | |
| Version 15.1(2)sy5 | |
| Version 15.1(2)sy6 | |
| Version 15.1(2)sy7 | |
| Version 15.1(2)sy8 | |
| Version 15.1(2)sy9 | |
| Version 15.1(2)sy | |
| Version 15.2(1)e1 | |
| Version 15.2(1)e2 | |
| Version 15.2(1)e3 | |
| Version 15.2(1)e | |
| Version 15.2(1)ey | |
| Version 15.2(1)sy0a | |
| Version 15.2(1)sy1 | |
| Version 15.2(1)sy1a | |
| Version 15.2(1)sy2 | |
| Version 15.2(1)sy3 | |
| Version 15.2(1)sy4 | |
| Version 15.2(1)sy | |
| Version 15.2(2)e1 | |
| Version 15.2(2)e2 | |
| Version 15.2(2)e3 | |
| Version 15.2(2)e4 | |
| Version 15.2(2)e5 | |
| Version 15.2(2)e5a | |
| Version 15.2(2)e5b | |
| Version 15.2(2)e6 | |
| Version 15.2(2)e | |
| Version 15.2(2)ea1 | |
| Version 15.2(2)ea2 | |
| Version 15.2(2)ea3 | |
| Version 15.2(2)eb1 | |
| Version 15.2(2)eb2 | |
| Version 15.2(2)eb | |
| Version 15.2(2)gc | |
| Version 15.2(2)ja1 | |
| Version 15.2(2)ja | |
| Version 15.2(2)jax1 | |
| Version 15.2(2)jax | |
| Version 15.2(2)jb2 | |
| Version 15.2(2)jb3 | |
| Version 15.2(2)jb4 | |
| Version 15.2(2)jb5 | |
| Version 15.2(2)jb6 | |
| Version 15.2(2)jb | |
| Version 15.2(2)jn1 | |
| Version 15.2(2)jn2 | |
| Version 15.2(2)s0a | |
| Version 15.2(2)s0c | |
| Version 15.2(2)s1 | |
| Version 15.2(2)s2 | |
| Version 15.2(2)s | |
| Version 15.2(2)sng | |
| Version 15.2(2)snh1 | |
| Version 15.2(2)sni | |
| Version 15.2(2)sy1 | |
| Version 15.2(2)sy2 | |
| Version 15.2(2)sy | |
| Version 15.2(2)t1 | |
| Version 15.2(2)t2 | |
| Version 15.2(2)t3 | |
| Version 15.2(2)t4 | |
| Version 15.2(2)t | |
| Version 15.2(2a)e1 | |
| Version 15.2(2a)e2 | |
| Version 15.2(3)e1 | |
| Version 15.2(3)e2 | |
| Version 15.2(3)e3 | |
| Version 15.2(3)e4 | |
| Version 15.2(3)e5 | |
| Version 15.2(3)e | |
| Version 15.2(3)ea | |
| Version 15.2(3)ex | |
| Version 15.2(3)gc1 | |
| Version 15.2(3)gc | |
| Version 15.2(3)t1 | |
| Version 15.2(3)t2 | |
| Version 15.2(3)t3 | |
| Version 15.2(3)t4 | |
| Version 15.2(3)t | |
| Version 15.2(3a)e | |
| Version 15.2(3m)e2 | |
| Version 15.2(3m)e3 | |
| Version 15.2(3m)e8 | |
| Version 15.2(4)e1 | |
| Version 15.2(4)e2 | |
| Version 15.2(4)e3 | |
| Version 15.2(4)e4 | |
| Version 15.2(4)e | |
| Version 15.2(4)ea1 | |
| Version 15.2(4)ea3 | |
| Version 15.2(4)ea4 | |
| Version 15.2(4)ea5 | |
| Version 15.2(4)ea | |
| Version 15.2(4)ec1 | |
| Version 15.2(4)ec2 | |
| Version 15.2(4)ec | |
| Version 15.2(4)gc1 | |
| Version 15.2(4)gc2 | |
| Version 15.2(4)gc3 | |
| Version 15.2(4)gc | |
| Version 15.2(4)ja1 | |
| Version 15.2(4)ja | |
| Version 15.2(4)jb1 | |
| Version 15.2(4)jb2 | |
| Version 15.2(4)jb3 | |
| Version 15.2(4)jb3a | |
| Version 15.2(4)jb3b | |
| Version 15.2(4)jb3h | |
| Version 15.2(4)jb3s | |
| Version 15.2(4)jb4 | |
| Version 15.2(4)jb5 | |
| Version 15.2(4)jb5h | |
| Version 15.2(4)jb5m | |
| Version 15.2(4)jb6 | |
| Version 15.2(4)jb7 | |
| Version 15.2(4)jb | |
| Version 15.2(4)jn | |
| Version 15.2(4)m10 | |
| Version 15.2(4)m11 | |
| Version 15.2(4)m1 | |
| Version 15.2(4)m2 | |
| Version 15.2(4)m3 | |
| Version 15.2(4)m4 | |
| Version 15.2(4)m5 | |
| Version 15.2(4)m6 | |
| Version 15.2(4)m6a | |
| Version 15.2(4)m7 | |
| Version 15.2(4)m8 | |
| Version 15.2(4)m9 | |
| Version 15.2(4)m | |
| Version 15.2(4)s1 | |
| Version 15.2(4)s2 | |
| Version 15.2(4)s3 | |
| Version 15.2(4)s3a | |
| Version 15.2(4)s4 | |
| Version 15.2(4)s4a | |
| Version 15.2(4)s5 | |
| Version 15.2(4)s6 | |
| Version 15.2(4)s7 | |
| Version 15.2(4)s | |
| Version 15.2(4m)e1 | |
| Version 15.2(4m)e3 | |
| Version 15.2(4n)e2 | |
| Version 15.2(4o)e2 | |
| Version 15.2(4p)e1 | |
| Version 15.2(5)e1 | |
| Version 15.2(5)e2a | |
| Version 15.2(5)e2b | |
| Version 15.2(5)e | |
| Version 15.2(5)ea | |
| Version 15.2(5)ex | |
| Version 15.2(5a)e1 | |
| Version 15.2(5a)e | |
| Version 15.2(5b)e | |
| Version 15.2(5c)e | |
| Version 15.3(1)s1 | |
| Version 15.3(1)s2 | |
| Version 15.3(1)s | |
| Version 15.3(1)sy1 | |
| Version 15.3(1)sy2 | |
| Version 15.3(1)sy | |
| Version 15.3(1)t1 | |
| Version 15.3(1)t2 | |
| Version 15.3(1)t3 | |
| Version 15.3(1)t4 | |
| Version 15.3(1)t | |
| Version 15.3(2)s1 | |
| Version 15.3(2)s2 | |
| Version 15.3(2)s | |
| Version 15.3(2)t1 | |
| Version 15.3(2)t2 | |
| Version 15.3(2)t3 | |
| Version 15.3(2)t4 | |
| Version 15.3(2)t | |
| Version 15.3(3)ja10 | |
| Version 15.3(3)ja11 | |
| Version 15.3(3)ja1 | |
| Version 15.3(3)ja1m | |
| Version 15.3(3)ja1n | |
| Version 15.3(3)ja4 | |
| Version 15.3(3)ja5 | |
| Version 15.3(3)ja6 | |
| Version 15.3(3)ja76 | |
| Version 15.3(3)ja77 | |
| Version 15.3(3)ja7 | |
| Version 15.3(3)ja8 | |
| Version 15.3(3)ja | |
| Version 15.3(3)jaa | |
| Version 15.3(3)jab | |
| Version 15.3(3)jax1 | |
| Version 15.3(3)jax2 | |
| Version 15.3(3)jax | |
| Version 15.3(3)jb75 | |
| Version 15.3(3)jb | |
| Version 15.3(3)jbb1 | |
| Version 15.3(3)jbb2 | |
| Version 15.3(3)jbb4 | |
| Version 15.3(3)jbb50 | |
| Version 15.3(3)jbb5 | |
| Version 15.3(3)jbb6 | |
| Version 15.3(3)jbb6a | |
| Version 15.3(3)jbb8 | |
| Version 15.3(3)jbb | |
| Version 15.3(3)jc1 | |
| Version 15.3(3)jc2 | |
| Version 15.3(3)jc3 | |
| Version 15.3(3)jc4 | |
| Version 15.3(3)jc50 | |
| Version 15.3(3)jc51 | |
| Version 15.3(3)jc5 | |
| Version 15.3(3)jc6 | |
| Version 15.3(3)jc7 | |
| Version 15.3(3)jc | |
| Version 15.3(3)jca7 | |
| Version 15.3(3)jd2 | |
| Version 15.3(3)jd3 | |
| Version 15.3(3)jd4 | |
| Version 15.3(3)jd | |
| Version 15.3(3)jda3 | |
| Version 15.3(3)je1 | |
| Version 15.3(3)je | |
| Version 15.3(3)jn3 | |
| Version 15.3(3)jn4 | |
| Version 15.3(3)jn7 | |
| Version 15.3(3)jn8 | |
| Version 15.3(3)jn9 | |
| Version 15.3(3)jnb1 | |
| Version 15.3(3)jnb2 | |
| Version 15.3(3)jnb3 | |
| Version 15.3(3)jnb4 | |
| Version 15.3(3)jnb6 | |
| Version 15.3(3)jnb | |
| Version 15.3(3)jnc1 | |
| Version 15.3(3)jnc4 | |
| Version 15.3(3)jnc | |
| Version 15.3(3)jnd1 | |
| Version 15.3(3)jnd2 | |
| Version 15.3(3)jnd3 | |
| Version 15.3(3)jnd | |
| Version 15.3(3)jnp1 | |
| Version 15.3(3)jnp2 | |
| Version 15.3(3)jnp | |
| Version 15.3(3)jpb1 | |
| Version 15.3(3)jpb2 | |
| Version 15.3(3)jpb | |
| Version 15.3(3)jpc2 | |
| Version 15.3(3)jpc3 | |
| Version 15.3(3)jpd | |
| Version 15.3(3)m1 | |
| Version 15.3(3)m2 | |
| Version 15.3(3)m3 | |
| Version 15.3(3)m4 | |
| Version 15.3(3)m5 | |
| Version 15.3(3)m6 | |
| Version 15.3(3)m7 | |
| Version 15.3(3)m8 | |
| Version 15.3(3)m8a | |
| Version 15.3(3)m9 | |
| Version 15.3(3)m | |
| Version 15.3(3)s1 | |
| Version 15.3(3)s1a | |
| Version 15.3(3)s2 | |
| Version 15.3(3)s3 | |
| Version 15.3(3)s4 | |
| Version 15.3(3)s5 | |
| Version 15.3(3)s6 | |
| Version 15.3(3)s7 | |
| Version 15.3(3)s8 | |
| Version 15.3(3)s8a | |
| Version 15.3(3)s9 | |
| Version 15.3(3)s | |
| Version 15.4(1)cg1 | |
| Version 15.4(1)cg | |
| Version 15.4(1)s1 | |
| Version 15.4(1)s2 | |
| Version 15.4(1)s3 | |
| Version 15.4(1)s4 | |
| Version 15.4(1)s | |
| Version 15.4(1)sy1 | |
| Version 15.4(1)sy2 | |
| Version 15.4(1)sy | |
| Version 15.4(1)t1 | |
| Version 15.4(1)t2 | |
| Version 15.4(1)t3 | |
| Version 15.4(1)t4 | |
| Version 15.4(1)t | |
| Version 15.4(2)cg | |
| Version 15.4(2)s1 | |
| Version 15.4(2)s2 | |
| Version 15.4(2)s3 | |
| Version 15.4(2)s4 | |
| Version 15.4(2)s | |
| Version 15.4(2)t1 | |
| Version 15.4(2)t2 | |
| Version 15.4(2)t3 | |
| Version 15.4(2)t4 | |
| Version 15.4(2)t | |
| Version 15.4(3)m1 | |
| Version 15.4(3)m2 | |
| Version 15.4(3)m3 | |
| Version 15.4(3)m4 | |
| Version 15.4(3)m5 | |
| Version 15.4(3)m6 | |
| Version 15.4(3)m6a | |
| Version 15.4(3)m7 | |
| Version 15.4(3)m | |
| Version 15.4(3)s1 | |
| Version 15.4(3)s2 | |
| Version 15.4(3)s3 | |
| Version 15.4(3)s4 | |
| Version 15.4(3)s5 | |
| Version 15.4(3)s5a | |
| Version 15.4(3)s6 | |
| Version 15.4(3)s6a | |
| Version 15.4(3)s6b | |
| Version 15.4(3)s7 | |
| Version 15.4(3)s7a | |
| Version 15.4(3)s | |
| Version 15.5(1)s1 | |
| Version 15.5(1)s2 | |
| Version 15.5(1)s3 | |
| Version 15.5(1)s4 | |
| Version 15.5(1)s | |
| Version 15.5(1)sy1 | |
| Version 15.5(1)sy | |
| Version 15.5(1)t1 | |
| Version 15.5(1)t2 | |
| Version 15.5(1)t3 | |
| Version 15.5(1)t4 | |
| Version 15.5(1)t | |
| Version 15.5(2)s1 | |
| Version 15.5(2)s2 | |
| Version 15.5(2)s3 | |
| Version 15.5(2)s4 | |
| Version 15.5(2)s | |
| Version 15.5(2)t1 | |
| Version 15.5(2)t2 | |
| Version 15.5(2)t3 | |
| Version 15.5(2)t4 | |
| Version 15.5(2)t | |
| Version 15.5(3)m0a | |
| Version 15.5(3)m1 | |
| Version 15.5(3)m2 | |
| Version 15.5(3)m3 | |
| Version 15.5(3)m4 | |
| Version 15.5(3)m4a | |
| Version 15.5(3)m5 | |
| Version 15.5(3)m | |
| Version 15.5(3)s0a | |
| Version 15.5(3)s1 | |
| Version 15.5(3)s1a | |
| Version 15.5(3)s2 | |
| Version 15.5(3)s2a | |
| Version 15.5(3)s2b | |
| Version 15.5(3)s3 | |
| Version 15.5(3)s3a | |
| Version 15.5(3)s4 | |
| Version 15.5(3)s4a | |
| Version 15.5(3)s4b | |
| Version 15.5(3)s4d | |
| Version 15.5(3)s5 | |
| Version 15.5(3)s | |
| Version 15.5(3)sn | |
| Version 15.6(1)s1 | |
| Version 15.6(1)s1a | |
| Version 15.6(1)s2 | |
| Version 15.6(1)s3 | |
| Version 15.6(1)s | |
| Version 15.6(1)t0a | |
| Version 15.6(1)t1 | |
| Version 15.6(1)t2 | |
| Version 15.6(1)t3 | |
| Version 15.6(1)t | |
| Version 15.6(2)s0a | |
| Version 15.6(2)s1 | |
| Version 15.6(2)s2 | |
| Version 15.6(2)s3 | |
| Version 15.6(2)s | |
| Version 15.6(2)sn | |
| Version 15.6(2)sp1 | |
| Version 15.6(2)sp1b | |
| Version 15.6(2)sp1c | |
| Version 15.6(2)sp2 | |
| Version 15.6(2)sp2a | |
| Version 15.6(2)sp | |
| Version 15.6(2)t1 | |
| Version 15.6(2)t2 | |
| Version 15.6(2)t | |
| Version 15.6(3)m0a | |
| Version 15.6(3)m1 | |
| Version 15.6(3)m1b | |
| Version 15.6(3)m | |
| Up to 15.4\(3\)s | |
| Version 16.1.1 | |
| Version 16.1.2 | |
| Version 16.1.3 | |
| Version 16.1.3a | |
| Version 16.1.4 | |
| Version 16.2.1 | |
| Version 16.2.2 | |
| Version 16.2.2a | |
| Version 16.2.3 | |
| Version 16.3.1 | |
| Version 16.3.1a | |
| Version 16.3.2 | |
| Version 16.4.1 | |
| Version 3.10.0s | |
| Version 3.10.1s | |
| Version 3.10.1xbs | |
| Version 3.10.2s | |
| Version 3.10.2ts | |
| Version 3.10.3s | |
| Version 3.10.4s | |
| Version 3.10.5s | |
| Version 3.10.6s | |
| Version 3.10.7s | |
| Version 3.10.8as | |
| Version 3.10.8s | |
| Version 3.10.9s | |
| Version 3.11.0s | |
| Version 3.11.1s | |
| Version 3.11.2s | |
| Version 3.11.3s | |
| Version 3.11.4s | |
| Version 3.12.0as | |
| Version 3.12.0s | |
| Version 3.12.1s | |
| Version 3.12.2s | |
| Version 3.12.3s | |
| Version 3.12.4s | |
| Version 3.13.0as | |
| Version 3.13.0s | |
| Version 3.13.1s | |
| Version 3.13.2as | |
| Version 3.13.2s | |
| Version 3.13.3s | |
| Version 3.13.4s | |
| Version 3.13.5as | |
| Version 3.13.5s | |
| Version 3.13.6as | |
| Version 3.13.6s | |
| Version 3.13.7as | |
| Version 3.13.7s | |
| Version 3.14.0s | |
| Version 3.14.1s | |
| Version 3.14.2s | |
| Version 3.14.3s | |
| Version 3.14.4s | |
| Version 3.15.0s | |
| Version 3.15.1cs | |
| Version 3.15.1s | |
| Version 3.15.2s | |
| Version 3.15.3s | |
| Version 3.15.4s | |
| Version 3.16.0cs | |
| Version 3.16.0s | |
| Version 3.16.1as | |
| Version 3.16.1s | |
| Version 3.16.2as | |
| Version 3.16.2bs | |
| Version 3.16.2s | |
| Version 3.16.3as | |
| Version 3.16.3s | |
| Version 3.16.4as | |
| Version 3.16.4bs | |
| Version 3.16.4ds | |
| Version 3.16.4s | |
| Version 3.16.5s | |
| Version 3.17.0s | |
| Version 3.17.1as | |
| Version 3.17.1s | |
| Version 3.17.3s | |
| Version 3.18.0as | |
| Version 3.18.0s | |
| Version 3.18.0sp | |
| Version 3.18.1asp | |
| Version 3.18.1bsp | |
| Version 3.18.1csp | |
| Version 3.18.1s | |
| Version 3.18.1sp | |
| Version 3.18.2s | |
| Version 3.18.2sp | |
| Version 3.18.3vs | |
| Version 3.3.0xo | |
| Version 3.3.1xo | |
| Version 3.3.2xo | |
| Version 3.5.0e | |
| Version 3.5.1e | |
| Version 3.5.2e | |
| Version 3.5.3e | |
| Version 3.6.0e | |
| Version 3.6.0s | |
| Version 3.6.1e | |
| Version 3.6.1s | |
| Version 3.6.2ae | |
| Version 3.6.2e | |
| Version 3.6.2s | |
| Version 3.6.3e | |
| Version 3.6.4e | |
| Version 3.6.5ae | |
| Version 3.6.5be | |
| Version 3.6.5e | |
| Version 3.6.6e | |
| Version 3.7.0bs | |
| Version 3.7.0e | |
| Version 3.7.0s | |
| Version 3.7.1as | |
| Version 3.7.1e | |
| Version 3.7.1s | |
| Version 3.7.2e | |
| Version 3.7.2s | |
| Version 3.7.2ts | |
| Version 3.7.3e | |
| Version 3.7.3s | |
| Version 3.7.4as | |
| Version 3.7.4e | |
| Version 3.7.4s | |
| Version 3.7.5e | |
| Version 3.7.5s | |
| Version 3.7.6s | |
| Version 3.7.7s | |
| Version 3.8.0e | |
| Version 3.8.0ex | |
| Version 3.8.0s | |
| Version 3.8.1e | |
| Version 3.8.1s | |
| Version 3.8.2e | |
| Version 3.8.2s | |
| Version 3.8.3e | |
| Version 3.8.4e | |
| Version 3.9.0as | |
| Version 3.9.0e | |
| Version 3.9.0s | |
| Version 3.9.1as | |
| Version 3.9.1e | |
| Version 3.9.1s | |
| Version 3.9.2s |
Related CWEs
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
References (6)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.