CVE-2017-3812 — Missing Release of Resource after Effective Lifetime in Cisco Industrial Ethernet 2000 Series Firmware

CWE-772 — Missing Release of Resource after Effective Lifetime CWE-3994 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.7%

top 28.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Industrial Ethernet 2000 Series Firmware

Timeline

PublishedFeb 3

Latest updateMay 13

Description

A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages1 packages

▶NVDcisco/industrial_ethernet_2000_series_firmware15.2\(5.4.32i\)e2

🔴Vulnerability Details

GHSA

GHSA-7cr5-677c-xw64: A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow↗2022-05-13

▶

CVEList

CVE-2017-3812: A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow↗2017-02-03

▶

📋Vendor Advisories

Cisco

Cisco Industrial Ethernet 2000 Series Switches CIP Denial of Service Vulnerability↗2017-02-01

▶