CVE-2017-12232 — MEDIUM (6.5)

Q: How severe is CVE-2017-12232?

CVE-2017-12232 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12232?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 1000 Integrated Services Router, Cisco 1100-4G\/6G Integrated Services Router, Cisco 1100-4G Integrated Services Router, Cisco 1100-4Gltegb Integrated Services Router.

Vulnerability Description

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ios	>= 15.0, <= 15.6
Cisco	1000 Integrated Services Router	-
Cisco	1100-4G\/6G Integrated Services Router	-
Cisco	1100-4G Integrated Services Router	-
Cisco	1100-4Gltegb Integrated Services Router	-
Cisco	1100-4Gltena Integrated Services Router	-
Cisco	1100-8P Integrated Services Router	-
Cisco	1100-Lte Integrated Services Router	-
Cisco	1100 Integrated Services Router	-
Cisco	1101-4P Integrated Services Router	-
Cisco	1101 Integrated Services Router	-
Cisco	1109-2P Integrated Services Router	-
Cisco	1109-4P Integrated Services Router	-
Cisco	1109 Integrated Services Router	-
Cisco	1111X-8P Integrated Services Router	-
Cisco	1111X Integrated Services Router	-
Cisco	111X Integrated Services Router	-
Cisco	1120 Integrated Services Router	-
Cisco	1131 Integrated Services Router	-
Cisco	1160 Integrated Services Router	-

Related Weaknesses (CWE)

CWE-399

References

http://www.securityfocus.com/bid/101044Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039452Broken LinkThird Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
http://www.securityfocus.com/bid/101044Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039452Broken LinkThird Party AdvisoryVDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-US Government Resource

FAQ

What is CVE-2017-12232?

CVE-2017-12232 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent atta...

How severe is CVE-2017-12232?

CVE-2017-12232 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12232?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 1000 Integrated Services Router, Cisco 1100-4G\/6G Integrated Services Router, Cisco 1100-4G Integrated Services Router, Cisco 1100-4Gltegb Integrated Services Router.