Multiple vulnerabilities in Cisco IOS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-12228 CVE-2017-12237 CVE-2017-12240 CVE-2017-12233 CVE-2017-12234 CVE-2017-12231 |
| CWE-ID | CWE-295 CWE-20 CWE-120 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #4 is being exploited in the wild. Vulnerability #5 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. |
| Vulnerable software |
Cisco IOS Operating systems & Components / Operating system |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Improper certificate validation
EUVDB-ID: #VU8681
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12228
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to conduct man-in-the-middle attack.
The weakness exists due to insufficient certificate validation. A remote attacker can supply a crafted certificate, conduct MiTM attack and decrypt confidential information on user connections to the affected software.
Install update from vendor's website.
Cisco IOS: 12.4 - 15.5.3 S2.9
CPE2.3- cpe:2.3:o:cisco_systems:cisco_ios:12.4.24_T4:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.2(5c)E:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.3:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.4.2_S:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.5.3_S2.9:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-pnp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU8682
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-12237
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the Internet Key Exchange Version 2 (IKEv2) module due to an error when processing certain IKEv2 packets. A remote attacker can send specially crafted IKEv2 packets to the device and cause high CPU utilization, traceback messages, or a device reload.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Cisco IOS: 15.0 - 15.5.3 S2.9
CPE2.3https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-ike
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Buffer overflow
EUVDB-ID: #VU8683
Risk: High
CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-12240
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause execute arbitrary code on the target system.
The weakness exists due to a buffer overflow condition in the DHCP relay subsystem of Cisco IOS and Cisco IOS XE Software. A remote attacker can send a specially crafted DHCP Version 4 (DHCPv4) packet, execute arbitrary code and gain full control over the affected system.
Install update from vendor's website.
Cisco IOS: 12.2 - 15.5.3 S2.9
CPE2.3- cpe:2.3:o:cisco_systems:cisco_ios:12.2.33:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:12.3:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-dhcp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Improper input validation
EUVDB-ID: #VU8684
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-12233
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to an error in the implementation of the Common Industrial Protocol (CIP) feature. A remote attacker can send specially crafted CIP packets and cause the device to reload.
Install update from vendor's website.
Cisco IOS: 12.0 - 15.6.2 SP
CPE2.3- cpe:2.3:o:cisco_systems:cisco_ios:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:cisco_systems:cisco_ios:15.6.2_SP:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
5) Improper input validation
EUVDB-ID: #VU8685
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-12234
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to an error in the implementation of the Common Industrial Protocol (CIP) feature. A remote attacker can send specially crafted CIP packets and cause the device to reload.
Install update from vendor's website.
Cisco IOS: 12.0 - 15.6.2 SP
CPE2.3https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-cip
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
6) Improper input validation
EUVDB-ID: #VU8686
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-12231
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists in the implementation of Network Address Translation (NAT) functionality in Cisco IOS Software due to the improper translation of H.323 messages that use the Registration, Admission, and Status (RAS) protocol.A remote attacker can send a specially crafted H.323 RAS packet and cause the device to reload or crash.
Install update from vendor's website.
Cisco IOS: 12.0 - 15.6.2 SP
CPE2.3https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-nat
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
