CVSS: 7.8EPSS: 0%CPEs: 39EXPL: 0CVE-2017-12234 – Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12234
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709. • http://www.securityfocus.com/bid/101038 http://www.securitytracker.com/id/1039459 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-12235 – Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12235
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS 12.2 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper parsing of ingress PN-DCP Identify Request packets destined to an affected device. An attacker could exploit this vulnerability by sending a crafted PN-DCP Identify Request packet to an affected device and then continuing to send normal PN-DCP Identify Request packets to the device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. This vulnerability affects Cisco devices that are configured to process PROFINET messages. • http://www.securityfocus.com/bid/101043 http://www.securitytracker.com/id/1039451 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-profinet • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 491EXPL: 0CVE-2017-12237 – Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12237
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS 15.0 through 15.6 and Cisco IOS XE 3.5 through 16.5 could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to how an affected device processes certain IKEv2 packets. An attacker could exploit this vulnerability by sending specific IKEv2 packets to an affected device to be processed. A successful exploit could allow the attacker to cause high CPU utilization, traceback messages, or a reload of the affected device that leads to a DoS condition. This vulnerability affects Cisco devices that have the Internet Security Association and Key Management Protocol (ISAKMP) enabled. • http://www.securityfocus.com/bid/101037 http://www.securitytracker.com/id/1039460 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 34EXPL: 0CVE-2017-12238 – Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2017-12238
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. • http://www.securityfocus.com/bid/101040 http://www.securitytracker.com/id/1039453 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-vpls • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 6%CPEs: 2762EXPL: 0CVE-2017-12240 – Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-12240
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. • http://www.securityfocus.com/bid/101034 http://www.securitytracker.com/id/1039445 https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390 https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •