// For flags

CVE-2017-12234

Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.

Múltiples vulnerabilidades en la implementación de una característica CIP (Common Industrial Protocol) en Cisco IOS desde la versión 12.4 hasta la 15.6 podrían permitir que un atacante remoto sin autenticar haga que el dispositivo afectado se reinicie, provocando una denegación de servicio (DoS) en consecuencia. Estas vulnerabilidades se deben a un análisis sintáctico incorrecto de los paquetes CIP manipulados destinados al dispositivo afectado. Un atacante podría explotar estas vulnerabilidades enviando paquetes CIP manipulados para que los procese el dispositivo afectado. Si se explota con éxito, podría permitir que el atacante consiga que el dispositivo afectado se reinicie, provocando una denegación de servicio. Cisco Bug IDs: CSCvc43709.

There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2017-08-03 CVE Reserved
  • 2017-09-28 CVE Published
  • 2022-03-03 Exploited in Wild
  • 2022-03-24 KEV Due Date
  • 2024-07-19 EPSS Updated
  • 2024-11-15 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
12.4\(25e\)jao3a
Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jao3a"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
12.4\(25e\)jao20s
Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jao20s"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
12.4\(25e\)jap1n
Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jap1n"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
12.4\(25e\)jap9
Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jap9"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.0\(2\)sqd7
Search vendor "Cisco" for product "Ios" and version "15.0\(2\)sqd7"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.1\(2\)sg7a
Search vendor "Cisco" for product "Ios" and version "15.1\(2\)sg7a"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(2\)e3
Search vendor "Cisco" for product "Ios" and version "15.2\(2\)e3"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(2\)e5b
Search vendor "Cisco" for product "Ios" and version "15.2\(2\)e5b"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(2\)eb
Search vendor "Cisco" for product "Ios" and version "15.2\(2\)eb"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(2\)eb1
Search vendor "Cisco" for product "Ios" and version "15.2\(2\)eb1"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(2\)eb2
Search vendor "Cisco" for product "Ios" and version "15.2\(2\)eb2"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(3\)ex
Search vendor "Cisco" for product "Ios" and version "15.2\(3\)ex"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(4\)ec
Search vendor "Cisco" for product "Ios" and version "15.2\(4\)ec"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(4\)ec1
Search vendor "Cisco" for product "Ios" and version "15.2\(4\)ec1"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(4\)ec2
Search vendor "Cisco" for product "Ios" and version "15.2\(4\)ec2"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(5\)e
Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(5\)e2a
Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e2a"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(5\)e2b
Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e2b"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.2\(5a\)e1
Search vendor "Cisco" for product "Ios" and version "15.2\(5a\)e1"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jbb6a
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jbb6a"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jc7
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jc7"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jc50
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jc50"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jc51
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jc51"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jca7
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jca7"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jda3
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jda3"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)je1
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)je1"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jnc4
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jnc4"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jnd2
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jnd2"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jnp2
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jnp2"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jpb
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpb"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jpb2
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpb2"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.3\(3\)jpc3
Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpc3"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(1\)s1a
Search vendor "Cisco" for product "Ios" and version "15.6\(1\)s1a"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(2\)s0a
Search vendor "Cisco" for product "Ios" and version "15.6\(2\)s0a"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(2\)s2
Search vendor "Cisco" for product "Ios" and version "15.6\(2\)s2"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(2\)s3
Search vendor "Cisco" for product "Ios" and version "15.6\(2\)s3"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(2\)sp1b
Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp1b"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(2\)sp1c
Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp1c"
-
Affected
Cisco
Search vendor "Cisco"
Ios
Search vendor "Cisco" for product "Ios"
15.6\(2\)sp2a
Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp2a"
-
Affected