CVE-2017-12234
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.
Múltiples vulnerabilidades en la implementación de una característica CIP (Common Industrial Protocol) en Cisco IOS desde la versión 12.4 hasta la 15.6 podrían permitir que un atacante remoto sin autenticar haga que el dispositivo afectado se reinicie, provocando una denegación de servicio (DoS) en consecuencia. Estas vulnerabilidades se deben a un análisis sintáctico incorrecto de los paquetes CIP manipulados destinados al dispositivo afectado. Un atacante podría explotar estas vulnerabilidades enviando paquetes CIP manipulados para que los procese el dispositivo afectado. Si se explota con éxito, podría permitir que el atacante consiga que el dispositivo afectado se reinicie, provocando una denegación de servicio. Cisco Bug IDs: CSCvc43709.
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-08-03 CVE Reserved
- 2017-09-28 CVE Published
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2024-07-19 EPSS Updated
- 2024-11-15 CVE Updated
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101038 | Third Party Advisory | |
| http://www.securitytracker.com/id/1039459 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4\(25e\)jao3a Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jao3a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4\(25e\)jao20s Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jao20s" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4\(25e\)jap1n Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jap1n" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 12.4\(25e\)jap9 Search vendor "Cisco" for product "Ios" and version "12.4\(25e\)jap9" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.0\(2\)sqd7 Search vendor "Cisco" for product "Ios" and version "15.0\(2\)sqd7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.1\(2\)sg7a Search vendor "Cisco" for product "Ios" and version "15.1\(2\)sg7a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(2\)e3 Search vendor "Cisco" for product "Ios" and version "15.2\(2\)e3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(2\)e5b Search vendor "Cisco" for product "Ios" and version "15.2\(2\)e5b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(2\)eb Search vendor "Cisco" for product "Ios" and version "15.2\(2\)eb" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(2\)eb1 Search vendor "Cisco" for product "Ios" and version "15.2\(2\)eb1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(2\)eb2 Search vendor "Cisco" for product "Ios" and version "15.2\(2\)eb2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(3\)ex Search vendor "Cisco" for product "Ios" and version "15.2\(3\)ex" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(4\)ec Search vendor "Cisco" for product "Ios" and version "15.2\(4\)ec" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(4\)ec1 Search vendor "Cisco" for product "Ios" and version "15.2\(4\)ec1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(4\)ec2 Search vendor "Cisco" for product "Ios" and version "15.2\(4\)ec2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(5\)e Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(5\)e2a Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e2a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(5\)e2b Search vendor "Cisco" for product "Ios" and version "15.2\(5\)e2b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.2\(5a\)e1 Search vendor "Cisco" for product "Ios" and version "15.2\(5a\)e1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jbb6a Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jbb6a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jc7 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jc7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jc50 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jc50" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jc51 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jc51" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jca7 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jca7" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jda3 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jda3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)je1 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)je1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jnc4 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jnc4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jnd2 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jnd2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jnp2 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jnp2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jpb Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpb" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jpb2 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpb2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.3\(3\)jpc3 Search vendor "Cisco" for product "Ios" and version "15.3\(3\)jpc3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(1\)s1a Search vendor "Cisco" for product "Ios" and version "15.6\(1\)s1a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)s0a Search vendor "Cisco" for product "Ios" and version "15.6\(2\)s0a" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)s2 Search vendor "Cisco" for product "Ios" and version "15.6\(2\)s2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)s3 Search vendor "Cisco" for product "Ios" and version "15.6\(2\)s3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)sp1b Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp1b" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)sp1c Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp1c" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | 15.6\(2\)sp2a Search vendor "Cisco" for product "Ios" and version "15.6\(2\)sp2a" | - |
Affected
| ||||||