CVE-2017-12238
Published: 29 September 2017
Summary
CVE-2017-12238 is a medium-severity vulnerability of an unspecified weakness type in Cisco Catalyst 6000 Ws-Svc-Nam-1. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 22.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and CM-7 (Least Functionality).
Deeper analysis
A vulnerability exists in the Virtual Private LAN Service (VPLS) implementation within Cisco IOS versions 15.0 through 15.4 running on Catalyst 6800 Series Switches. The flaw is a memory management issue that occurs when handling VPLS-generated MAC address entries. It affects devices equipped with a C6800-16P10G or C6800-16P10G-XL line card paired with Supervisor Engine 6T, where the line card serves as a core-facing MPLS interface and VPLS is enabled.
An unauthenticated attacker with adjacent network access can exploit the issue by generating a large volume of VPLS MAC entries. Successful exploitation causes the affected line card to crash, producing a denial-of-service condition on the switch. The CVSS score of 6.5 reflects the attack vector and high availability impact with no privileges or user interaction required.
The Cisco Security Advisory cisco-sa-20170927-vpls, along with associated Bug ID CSCva61927, provides official guidance on affected releases and remediation steps. No information is available regarding observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-3811
Vulnerability details
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
- CWE(s)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires mechanisms to protect against resource-exhaustion DoS attacks that flood VPLS MAC tables on the affected line cards.
Enforces boundary controls that can restrict or filter traffic from adjacent unauthenticated attackers targeting core-facing MPLS VPLS interfaces.
Requires disabling or restricting non-essential VPLS functionality on Catalyst 6800 switches unless explicitly needed, eliminating the attack surface.