A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
Published 2017-09-29 01:34:49
Updated 2019-10-09 23:22:35
Vulnerability category: Denial of service

CVE-2017-12238 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.
Added on: 2022-03-03
Action due date: 2022-03-24

Exploit prediction scoring system (EPSS) score for CVE-2017-12238

EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
Percentile: ~60% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2017-12238

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P | 6.5 | 2.9 | NIST | |
| 6.5 | MEDIUM | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |

CWE ids for CVE-2017-12238

  • Assigned by: ykramarz@cisco.com (Secondary)
