⚠ Actively exploited
Added to CISA KEV on 2022-03-03. Federal agencies required to patch by 2022-03-24. Required action: Apply updates per vendor instructions..

CVE-2017-12238Cisco IOS vulnerability

CWE-3996 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
1.2%
top 21.45%
CISA KEV
KEV
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco IOSCisco IOS
Timeline
PublishedSep 29
KEV addedMar 3
KEV dueMar 24
Latest updateMay 13
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC addre

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios15.015.4
CVEListV5cisco/cisco_iosCisco IOS

🔴Vulnerability Details

3
GHSA
GHSA-g8w4-jc9x-6qpc: A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 152022-05-13
CVEList
CVE-2017-12238: A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 152017-09-28
VulnCheck
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability2017

📋Vendor Advisories

2
CISA
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability2022-03-03
Cisco
Cisco IOS Software for Cisco Catalyst 6800 Series Switches VPLS Denial of Service Vulnerability2017-09-27
CVE-2017-12238 — Cisco IOS vulnerability | cvebase