← Zuruck zu CVEs
CVE-2017-12233
HIGHCISA KEV7.5
Beschreibung
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.
CVE Details
CVSS v3.1 Bewertung7.5
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht9/29/2017
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerCisco
ProduktIOS software
SchwachstellennameCisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
KEV Aufnahmedatum2022-03-03
Behebungsfrist2022-03-24
Ransomware-NutzungUnknown
Betroffene Produkte
cisco:1000_integrated_services_routercisco:1100-4g\/6g_integrated_services_routercisco:1100-4g_integrated_services_routercisco:1100-4gltegb_integrated_services_routercisco:1100-4gltena_integrated_services_routercisco:1100-4pcisco:1100-4p_integrated_services_routercisco:1100-6g_integrated_services_routercisco:1100-8pcisco:1100-8p_integrated_services_routercisco:1100-lte_integrated_services_routercisco:1100_integrated_services_routercisco:1100_terminal_services_gatewayscisco:1101-4pcisco:1101-4p_integrated_services_routercisco:1101_integrated_services_routercisco:1109-2pcisco:1109-4pcisco:1111-4pwecisco:1111-8pwbcisco:1111x-8pcisco:1113-8plteeawecisco:1113-8pmwecisco:1113-8pwecisco:1116-4plteeawecisco:1116-4pwecisco:1117-4plteeawecisco:1117-4pmlteeawecisco:1117-4pmwecisco:1117-4pwecisco:1120cisco:1120_connected_grid_routercisco:1120_integrated_services_routercisco:1131_integrated_services_routercisco:1160_integrated_services_routercisco:1801_integrated_service_routercisco:1802_integrated_service_routercisco:1803_integrated_service_routercisco:1811_integrated_service_routercisco:1812_integrated_service_routercisco:1841_integrated_service_routercisco:1861_integrated_service_routercisco:1905_integrated_services_routercisco:1906c_integrated_services_routercisco:1921_integrated_services_routercisco:1941_integrated_services_routercisco:1941w_integrated_services_routercisco:catalyst_ie3200_rugged_switchcisco:catalyst_ie3300_rugged_switchcisco:catalyst_ie3400_heavy_duty_switchcisco:catalyst_ie3400_rugged_switchcisco:catalyst_ie9300cisco:esr-6300-con-k9cisco:esr-6300-ncp-k9cisco:ios
Schwachen (CWE)
CWE-20
Referenzen
http://www.securityfocus.com/bid/101038(psirt@cisco.com)
http://www.securitytracker.com/id/1039459(psirt@cisco.com)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip(psirt@cisco.com)
http://www.securityfocus.com/bid/101038(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039459(af854a3a-2127-422b-91ae-364da2661108)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12233(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.