CISCO : Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.106990

Kategorie: CISCO

Titel: Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability

Zusammenfassung: A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked.

Beschreibung: Summary:
A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked.

Vulnerability Insight:
The vulnerability exists because the affected software does not transfer certificate revocation lists (CRLs) across Autonomic Control Plane (ACP) channels. An attacker could exploit this vulnerability by connecting an autonomic node, which has a known and revoked certificate, to the autonomic domain of an affected system.

Vulnerability Impact:
A successful exploit could allow the attacker to insert a previously trusted autonomic node into the autonomic domain of an affected system after the certificate for the node has been revoked.

Solution:
Administrators can mitigate this vulnerability by doing the following for autonomic nodes that were disconnected from the Autonomic Network domain:

- Ensure that the certificate and key information for the node is deleted properly

- Update the Autonomic Networking whitelist file on the registrar

These actions will prevent the autonomic node from re-establishing connectivity to the Autonomic Network domain of an affected system.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-6664
BugTraq ID: 99986
http://www.securityfocus.com/bid/99986
http://www.securitytracker.com/id/1038997

Copyright Copyright (C) 2017 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.106990
Kategorie:	CISCO
Titel:	Cisco IOS XE Software Autonomic Networking Infrastructure Certificate Revocation Vulnerability
Zusammenfassung:	A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked.
Beschreibung:	Summary: A vulnerability in the Autonomic Networking feature of Cisco IOS XE Software could allow an unauthenticated, remote, autonomic node to access the Autonomic Networking infrastructure of an affected system, after the certificate for the autonomic node has been revoked. Vulnerability Insight: The vulnerability exists because the affected software does not transfer certificate revocation lists (CRLs) across Autonomic Control Plane (ACP) channels. An attacker could exploit this vulnerability by connecting an autonomic node, which has a known and revoked certificate, to the autonomic domain of an affected system. Vulnerability Impact: A successful exploit could allow the attacker to insert a previously trusted autonomic node into the autonomic domain of an affected system after the certificate for the node has been revoked. Solution: Administrators can mitigate this vulnerability by doing the following for autonomic nodes that were disconnected from the Autonomic Network domain: - Ensure that the certificate and key information for the node is deleted properly - Update the Autonomic Networking whitelist file on the registrar These actions will prevent the autonomic node from re-establishing connectivity to the Autonomic Network domain of an affected system. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6664 BugTraq ID: 99986 http://www.securityfocus.com/bid/99986 http://www.securitytracker.com/id/1038997
Copyright	Copyright (C) 2017 Greenbone AG