CVE-2017-12232
Published: 29 September 2017
Summary
CVE-2017-12232 is a medium-severity vulnerability (weakness type unspecified) in Cisco IOS. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 19.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the protocol implementation on Cisco Integrated Services Routers Generation 2 (ISR G2) running IOS versions 15.0 through 15.6 permits an unauthenticated adjacent attacker to trigger a device reload. The root cause is misclassification of Ethernet frames, tracked under Cisco Bug ID CSCvc03809 and assigned CWE-399. The flaw affects only the listed router platforms and IOS releases; successful exploitation produces a denial-of-service condition without requiring authentication or user interaction.
An attacker positioned on the same Layer-2 network can send a single crafted Ethernet frame to an affected interface. Because the device incorrectly classifies the frame, it enters an error-handling path that forces a reload. The CVSS vector (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects the requirement for adjacency and the high impact on availability.
The Cisco Security Advisory cisco-sa-20170927-rbip-dos, along with the associated SecurityFocus and SecurityTracker entries, directs administrators to the fixed software releases and any available workarounds for the listed IOS versions. No reports of in-the-wild exploitation appear in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-3805
Vulnerability details
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 (Flaw Remediation): Directly requires applying the vendor patches that eliminate the Ethernet-frame misclassification bug (CSCvc03809) in the affected IOS releases.
SC-5 (Denial-of-service Protection): Mandates denial-of-service protection mechanisms that can drop or rate-limit malformed frames before they reach the vulnerable protocol handler.
Boundary-protection rules (e.g., L2 ACLs or port security) can block crafted Ethernet frames from adjacent attackers before they enter the router's forwarding path.