CVE-2017-3857
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.
Una vulnerabilidad en la función de análisis en Layer 2 Tunneling Protocol (L2TP) de Cisco IOS (12.0 en versiones hasta 12.4 y 15.0 en versiones hasta 15.6) y Cisco IOS XE (3.1 en versiones hasta 3.18) podría permitir a un atacante remoto no autenticado provocar recarga de los dispositivo afectado. La vulnerabilidad se debe a la insuficiente validación de los paquetes L2TP. Una explotación exitosa podría permitir al atacante hacer que el dispositivo afectado se vuelva a cargar, dando como resultado una condición de denegación de servicio (DoS). Esta vulnerabilidad afecta a los dispositivos Cisco que ejecutan una versión vulnerable de Cisco IOS o Cisco IOS XE Software si la característica L2TP está habilitada para el dispositivo y el dispositivo está configurado como punto final L2TP Versión 2 (L2TPv2) o L2TP Versión 3 (L2TPv3). De forma predeterminada, la función L2TP no está habilitada. ID de bugs de Cisco: CSCuy82078.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-21 CVE Reserved
- 2017-03-22 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/97010 | Third Party Advisory | |
http://www.securitytracker.com/id/1038100 | Third Party Advisory | |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-l2tp | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | >= 12.0 <= 12.4 Search vendor "Cisco" for product "Ios" and version " >= 12.0 <= 12.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ios Search vendor "Cisco" for product "Ios" | >= 15.0 <= 15.6 Search vendor "Cisco" for product "Ios" and version " >= 15.0 <= 15.6" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Ios Xe Search vendor "Cisco" for product "Ios Xe" | >= 3.1.0 <= 3.18.0 Search vendor "Cisco" for product "Ios Xe" and version " >= 3.1.0 <= 3.18.0" | - |
Affected
|