What is CVE-2017-12280?

CVE-2017-12280 is a high-severity vulnerability in Cisco Wireless_lan_controller, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.5/10. Published 2017-11-02.

How severe is CVE-2017-12280?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Cisco Wireless_lan_controller

CVE-2017-12280

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) Discovery Request parsing functionality of Cisco Wireless LAN Controllers could allow an unauthenticated, remote attacker to cause an affected device to res…

Vulnerability class: Buffer Overflow

EPSS: 0.026 (83.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Cisco Wireless_lan_controller
Cisco Wireless_lan_controller_software
N/a Cisco Wireless Lan Controller — versions Cisco Wireless LAN Controller

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
psirt@cisco.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-12280?: CVE-2017-12280 is a high-severity vulnerability in Cisco Wireless_lan_controller, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.5/10. Published 2017-11-02.
How severe is CVE-2017-12280?: High severity. CVSS v3 base score is 7.5 out of 10.