CVE-2017-12236

Name of the Vulnerable Software and Affected Versions Cisco IOS XE versions 3.2 through 16.5

Description A logic error in the implementation of the Locator/ID Separation Protocol (LISP) could allow an unauthenticated, remote attacker to bypass authentication checks when registering an Endpoint Identifier (EID) to a Routing Locator (RLOC) in the map server/map resolver (MS/MR). The vulnerability can be exploited by sending specific valid map-registration requests, which will be accepted by the MS/MR even if the authentication keys do not match. A successful exploit could allow the attacker to inject invalid mappings of EIDs to RLOCs in the MS/MR.

Recommendations For Cisco IOS XE versions 3.2 through 16.5, update to a fixed software release, as Cisco has released software updates that address this vulnerability. At the moment, there is no information about other workarounds that address this vulnerability.