⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2017-12232Cisco IOS vulnerability

CWE-3996 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 23.11%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedSep 29
KEV addedMar 3
KEV dueMar 24
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow t

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios15.015.6
CVEListV5cisco/cisco_iosCisco IOS

🔴Vulnerability Details

3
GHSA
GHSA-j4ww-r9hh-57hx: A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 152022-05-13
CVEList
CVE-2017-12232: A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 152017-09-28
VulnCheck
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability2017

📋Vendor Advisories

2
CISA
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability2022-03-03
Cisco
Cisco IOS Software for Cisco Integrated Services Routers Generation 2 Denial of Service Vulnerability2017-09-27
CVE-2017-12232 — Cisco IOS vulnerability | cvebase