Cyber Resilience

CVE-2017-12240

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 29 September 2017

Modified: 21 April 2026
KEV Added: 03 March 2022
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1067 (93.5th percentile)
Risk Priority: 46 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2017-12240 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Cisco IOS. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 6.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

The vulnerability is a buffer overflow in the DHCP relay subsystem of Cisco IOS versions 12.2 through 15.6 and Cisco IOS XE Software, tracked under Bug IDs CSCsm45390 and CSCuw77959. It stems from improper input validation when processing DHCP Version 4 packets, as indicated by the associated CWEs (CWE-20 and CWE-119). The flaw received a CVSS v3.1 score of 9.8, reflecting its network-accessible and unauthenticated nature with high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can exploit the issue by sending a specially crafted DHCPv4 packet to an affected device. Successful exploitation grants the attacker the ability to execute arbitrary code with full system control or to trigger a reload resulting in a denial-of-service condition.

The referenced Cisco Security Advisory (cisco-sa-20170927-dhcp) and associated Bug IDs provide official details on affected releases and recommended remediation steps.

EU & UK References

Vulnerability details

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.

CWE(s)
KEV Date Added: 03 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: cisco; Product: ios; Versions: 12.2 — 15.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of DHCPv4 packet inputs to block the malformed packets that trigger the buffer overflow.

prevent

Enforces memory protections that mitigate exploitation of the buffer overflow in the DHCP relay subsystem.

prevent

Requires timely application of patches that eliminate the DHCP relay buffer-overflow flaw described in the CVE.

References