Vulnerability Description
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios | >= 12.2, <= 15.6 |
| Cisco | 1000 Integrated Services Router | - |
| Cisco | 1100-4G Integrated Services Router | - |
| Cisco | 1100-4Gltegb Integrated Services Router | - |
| Cisco | 1100-4Gltena Integrated Services Router | - |
| Cisco | 1100-4P Integrated Services Router | - |
| Cisco | 1100-6G Integrated Services Router | - |
| Cisco | 1100-8P Integrated Services Router | - |
| Cisco | 1100-Lte Integrated Services Router | - |
| Cisco | 1100 Integrated Services Router | - |
| Cisco | 1101-4P Integrated Services Router | - |
| Cisco | 1101 Integrated Services Router | - |
| Cisco | 1109-2P Integrated Services Router | - |
| Cisco | 1109-4P Integrated Services Router | - |
| Cisco | 1109 Integrated Services Router | - |
| Cisco | 1111X-8P Integrated Services Router | - |
| Cisco | 1111X Integrated Services Router | - |
| Cisco | 111X Integrated Services Router | - |
| Cisco | 1120 Integrated Services Router | - |
| Cisco | 1131 Integrated Services Router | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/101034Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039445Broken LinkThird Party AdvisoryVDB Entry
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390Vendor Advisory
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/101034Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039445Broken LinkThird Party AdvisoryVDB Entry
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCsm45390Vendor Advisory
- https://quickview.cloudapps.cisco.com/quickview/bug/CSCuw77959Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-US Government Resource
FAQ
What is CVE-2017-12240?
CVE-2017-12240 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full ...
How severe is CVE-2017-12240?
CVE-2017-12240 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-12240?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios, Cisco 1000 Integrated Services Router, Cisco 1100-4G Integrated Services Router, Cisco 1100-4Gltegb Integrated Services Router, Cisco 1100-4Gltena Integrated Services Router.