Cyber Resilience

CVE-2017-12238

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 29 September 2017

Published
29 September 2017
Modified
21 April 2026
KEV Added
03 March 2022
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0101 77.6th percentile
Risk Priority 34 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-12238 is a medium-severity an unspecified weakness vulnerability in Cisco Catalyst 6000 Ws-Svc-Nam-1. Its CVSS base score is 6.5 (Medium).

Operationally, ranked in the top 22.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and CM-7 (Least Functionality).

Deeper analysis

A vulnerability exists in the Virtual Private LAN Service (VPLS) implementation within Cisco IOS versions 15.0 through 15.4 running on Catalyst 6800 Series Switches. The flaw is a memory management issue that occurs when handling VPLS-generated MAC address entries. It affects devices equipped with a C6800-16P10G or C6800-16P10G-XL line card paired with Supervisor Engine 6T, where the line card serves as a core-facing MPLS interface and VPLS is enabled.

An unauthenticated attacker with adjacent network access can exploit the issue by generating a large volume of VPLS MAC entries. Successful exploitation causes the affected line card to crash, producing a denial-of-service condition on the switch. The CVSS score of 6.5 reflects the attack vector and high availability impact with no privileges or user interaction required.

The Cisco Security Advisory cisco-sa-20170927-vpls, along with associated Bug ID CSCva61927, provides official guidance on affected releases and remediation steps. No information is available regarding observed in-the-wild exploitation.

EU & UK References

Vulnerability details

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting…

more

in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.

CWE(s)
KEV Date Added
03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ios
15.0 — 15.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires mechanisms to protect against resource-exhaustion DoS attacks that flood VPLS MAC tables on the affected line cards.

prevent

Enforces boundary controls that can restrict or filter traffic from adjacent unauthenticated attackers targeting core-facing MPLS VPLS interfaces.

prevent

Requires disabling or restricting non-essential VPLS functionality on Catalyst 6800 switches unless explicitly needed, eliminating the attack surface.

References