CVE-2017-3857Uncontrolled Resource Consumption in Cisco IOS

CWE-399CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGHNVD
EPSS
1.1%
top 21.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedMar 22
Latest updateMay 13

Description

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios12.012.4+1
NVDcisco/ios_xe3.1.03.18.0

🔴Vulnerability Details

2
GHSA
GHSA-8hj8-9m54-wvpw: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (122022-05-13
CVEList
CVE-2017-3857: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (122017-03-22

📋Vendor Advisories

1
Cisco
Cisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability2017-03-22
CVE-2017-3857 — Uncontrolled Resource Consumption | cvebase