| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Cisco IOS 15.0/15.1/15.2/15.3/15.4. Affected by this issue is some unknown functionality of the component VPLS. Such manipulation leads to resource management. This vulnerability is referenced as CVE-2017-12238. The attack needs to be initiated within the local network. Furthermore, an exploit is available. Restrictive firewalling should be applied.
Details
A vulnerability was found in Cisco IOS 15.0/15.1/15.2/15.3/15.4 (Router Operating System) and classified as problematic. Affected by this issue is an unknown function of the component VPLS. The manipulation with an unknown input leads to a resource management vulnerability. Using CWE to declare the problem leads to CWE-399. Impacted is availability. CVE summarizes:
A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS 15.0 through 15.4 for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a denial of service (DoS) condition. The vulnerability is due to a memory management issue in the affected software. An attacker could exploit this vulnerability by creating a large number of VPLS-generated MAC entries in the MAC address table of an affected device. A successful exploit could allow the attacker to cause a C6800-16P10G or C6800-16P10G-XL type line card to crash, resulting in a DoS condition. This vulnerability affects Cisco Catalyst 6800 Series Switches that are running a vulnerable release of Cisco IOS Software and have a Cisco C6800-16P10G or C6800-16P10G-XL line card in use with Supervisor Engine 6T. To be vulnerable, the device must also be configured with VPLS and the C6800-16P10G or C6800-16P10G-XL line card needs to be the core-facing MPLS interfaces. Cisco Bug IDs: CSCva61927.
The bug was discovered 09/27/2017. The weakness was published 09/29/2017 with Cisco (Website). The advisory is shared for download at securitytracker.com. This vulnerability is handled as CVE-2017-12238 since 08/03/2017. The attack needs to approached within the local network. No form of authentication is required for exploitation. Technical details are unknown but an exploit is available.
It is declared as attacked. The vulnerability scanner Nessus provides a plugin with the ID 103672 (Cisco IOS Software VPLS denial of service (cisco-sa-20170927-vpls)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CISCO and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 316144 (Cisco IOS Software VPLS Denial of Service Vulnerability (cisco-sa-20170927-vpls)). This issue was added on 03/03/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 03/24/2022:
Apply updates per vendor instructions.Addressing this vulnerability is possible by firewalling . A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (103672), EUVD (EUVD-2017-3811) and SecurityFocus (BID 101040†). Similar entries are available at VDB-107237 and VDB-107236. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.cisco.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.3
VulDB Base Score: 4.3
VulDB Temp Score: 4.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Resource managementCWE: CWE-399 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 103672
Nessus Name: Cisco IOS Software VPLS denial of service (cisco-sa-20170927-vpls)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: FirewallStatus: 🔍
0-Day Time: 🔍
Timeline
08/03/2017 🔍09/27/2017 🔍
09/27/2017 🔍
09/27/2017 🔍
09/28/2017 🔍
09/29/2017 🔍
09/29/2017 🔍
10/05/2017 🔍
07/30/2025 🔍
Sources
Vendor: cisco.comAdvisory: securitytracker.com⛔
Researcher: Cisco
Organization: Cisco
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2017-12238 (🔍)
GCVE (CVE): GCVE-0-2017-12238
GCVE (VulDB): GCVE-100-107240
EUVD: 🔍
OVAL: 🔍
SecurityFocus: 101040 - Cisco IOS Software for Cisco Catalyst 6800 Series Switches Denial of Service Vulnerability
SecurityTracker: 1039453
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 09/29/2017 12:02Updated: 07/30/2025 07:07
Changes: 09/29/2017 12:02 (71), 11/20/2019 13:26 (6), 01/14/2021 18:20 (2), 01/14/2021 18:23 (1), 04/23/2024 19:31 (26), 07/17/2024 02:26 (1), 09/09/2024 22:29 (1), 07/30/2025 07:07 (3)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.