Cyber Resilience

CVE-2017-12232

Medium | CISA KEV | Active Exploitation | EUVD Exploited

Published: 29 September 2017

Modified: 22 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0137 (80.6th percentile)
Risk Priority: 34 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-12232 is a medium-severity vulnerability of an unspecified weakness type in Cisco IOS. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 19.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A vulnerability in the protocol implementation on Cisco Integrated Services Routers Generation 2 (ISR G2) running IOS versions 15.0 through 15.6 permits an unauthenticated adjacent attacker to trigger a device reload. The root cause is misclassification of Ethernet frames, tracked under Cisco Bug ID CSCvc03809 and assigned CWE-399. The flaw affects only the listed router platforms and IOS releases; successful exploitation produces a denial-of-service condition without requiring authentication or user interaction.

An attacker positioned on the same Layer-2 network can send a single crafted Ethernet frame to an affected interface. Because the device incorrectly classifies the frame, it enters an error-handling path that forces a reload. The CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects the requirement for adjacency and the high impact on availability.

The Cisco Security Advisory cisco-sa-20170927-rbip-dos, along with the associated SecurityFocus and SecurityTracker entries, directs administrators to the fixed software releases and any available workarounds for the listed IOS versions. No reports of in-the-wild exploitation appear in the provided references.

EU & UK References

Vulnerability details

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco | ios | 15.0 — 15.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor patches that eliminate the Ethernet-frame misclassification bug (CSCvc03809) in the affected IOS releases.

prevent

Mandates denial-of-service protection mechanisms that can drop or rate-limit malformed frames before they reach the vulnerable protocol handler.

prevent

Boundary-protection rules (e.g., L2 ACLs or port security) can block crafted Ethernet frames from adjacent attackers before they enter the router's forwarding path.

References