CVE-2017-12233: Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
First published: Fri Sep 29 2017(Updated: )
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCuz95334.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =12.4\(25e\)jao3a | |
| Cisco IOS | =12.4\(25e\)jao20s | |
| Cisco IOS | =12.4\(25e\)jap1n | |
| Cisco IOS | =12.4\(25e\)jap9 | |
| Cisco IOS | =15.0\(2\)sqd7 | |
| Cisco IOS | =15.1\(2\)sg7a | |
| Cisco IOS | =15.2\(2\)e3 | |
| Cisco IOS | =15.2\(2\)e5b | |
| Cisco IOS | =15.2\(2\)eb | |
| Cisco IOS | =15.2\(2\)eb1 | |
| Cisco IOS | =15.2\(2\)eb2 | |
| Cisco IOS | =15.2\(3\)ex | |
| Cisco IOS | =15.2\(4\)ec | |
| Cisco IOS | =15.2\(4\)ec1 | |
| Cisco IOS | =15.2\(4\)ec2 | |
| Cisco IOS | =15.2\(5\)e | |
| Cisco IOS | =15.2\(5\)e2a | |
| Cisco IOS | =15.2\(5\)e2b | |
| Cisco IOS | =15.2\(5a\)e1 | |
| Cisco IOS | =15.3\(3\)jbb6a | |
| Cisco IOS | =15.3\(3\)jc7 | |
| Cisco IOS | =15.3\(3\)jc50 | |
| Cisco IOS | =15.3\(3\)jc51 | |
| Cisco IOS | =15.3\(3\)jca7 | |
| Cisco IOS | =15.3\(3\)jda3 | |
| Cisco IOS | =15.3\(3\)je1 | |
| Cisco IOS | =15.3\(3\)jnc4 | |
| Cisco IOS | =15.3\(3\)jnd2 | |
| Cisco IOS | =15.3\(3\)jnp2 | |
| Cisco IOS | =15.3\(3\)jpb | |
| Cisco IOS | =15.3\(3\)jpb2 | |
| Cisco IOS | =15.3\(3\)jpc3 | |
| Cisco IOS | =15.6\(1\)s1a | |
| Cisco IOS | =15.6\(2\)s0a | |
| Cisco IOS | =15.6\(2\)s2 | |
| Cisco IOS | =15.6\(2\)s3 | |
| Cisco IOS | =15.6\(2\)sp1b | |
| Cisco IOS | =15.6\(2\)sp1c | |
| Cisco IOS | =15.6\(2\)sp2a | |
| Cisco IOS Software | ||
| All of | ||
| Cisco IOS | >=12.4<=15.6 | |
| Any of | ||
| Cisco 1000 Integrated Services Router | ||
| Cisco 1100-4g\/6g Integrated Services Router | ||
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100-4p | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100-8p | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100-lte Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1100 Terminal Services Gateways | ||
| Cisco 1101-4p | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p | ||
| Cisco 1109-4p | ||
| Cisco 1111-4pwe | ||
| Cisco 1111-8pwb | ||
| Cisco 1111x-8p | ||
| Cisco 1113-8plteeawe | ||
| Cisco 1113-8pmwe | ||
| Cisco 1113-8pwe | ||
| Cisco 1116-4plteeawe | ||
| Cisco 1116-4pwe | ||
| Cisco 1117-4plteeawe | ||
| Cisco 1117-4pmlteeawe | ||
| Cisco 1117-4pmwe | ||
| Cisco 1117-4pwe | ||
| Cisco 1120 | ||
| Cisco 1120 Connected Grid Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1131 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 1801 Integrated Service Router | ||
| Cisco 1802 Integrated Service Router | ||
| Cisco 1803 Integrated Service Router | ||
| Cisco 1811 Integrated Service Router | ||
| Cisco 1812 Integrated Service Router | ||
| Cisco 1841 Integrated Service Router | ||
| Cisco 1861 Integrated Service Router | ||
| Cisco 1905 Integrated Services Router | ||
| Cisco 1906c Integrated Services Router | ||
| Cisco 1921 Integrated Services Router | ||
| Cisco 1941 Integrated Services Router | ||
| Cisco 1941w Integrated Services Router | ||
| Cisco Catalyst Ie3200 Rugged Switch | ||
| Cisco Catalyst Ie3300 Rugged Switch | ||
| Cisco Catalyst Ie3400 Heavy Duty Switch | ||
| Cisco Catalyst Ie3400 Rugged Switch | ||
| Cisco Catalyst Ie9300 | ||
| Cisco Esr-6300-con-k9 | ||
| Cisco Esr-6300-ncp-k9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/description
- agent/title
- agent/weakness
- agent/event
- agent/author
- agent/severity
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/12.4\(25e\)jao3a
- version/cisco ios/12.4\(25e\)jao20s
- version/cisco ios/12.4\(25e\)jap1n
- version/cisco ios/12.4\(25e\)jap9
- version/cisco ios/15.0\(2\)sqd7
- version/cisco ios/15.1\(2\)sg7a
- version/cisco ios/15.2\(2\)e3
- version/cisco ios/15.2\(2\)e5b
- version/cisco ios/15.2\(2\)eb
- version/cisco ios/15.2\(2\)eb1
- version/cisco ios/15.2\(2\)eb2
- version/cisco ios/15.2\(3\)ex
- version/cisco ios/15.2\(4\)ec
- version/cisco ios/15.2\(4\)ec1
- version/cisco ios/15.2\(4\)ec2
- version/cisco ios/15.2\(5\)e
- version/cisco ios/15.2\(5\)e2a
- version/cisco ios/15.2\(5\)e2b
- version/cisco ios/15.2\(5a\)e1
- version/cisco ios/15.3\(3\)jbb6a
- version/cisco ios/15.3\(3\)jc7
- version/cisco ios/15.3\(3\)jc50
- version/cisco ios/15.3\(3\)jc51
- version/cisco ios/15.3\(3\)jca7
- version/cisco ios/15.3\(3\)jda3
- version/cisco ios/15.3\(3\)je1
- version/cisco ios/15.3\(3\)jnc4
- version/cisco ios/15.3\(3\)jnd2
- version/cisco ios/15.3\(3\)jnp2
- version/cisco ios/15.3\(3\)jpb
- version/cisco ios/15.3\(3\)jpb2
- version/cisco ios/15.3\(3\)jpc3
- version/cisco ios/15.6\(1\)s1a
- version/cisco ios/15.6\(2\)s0a
- version/cisco ios/15.6\(2\)s2
- version/cisco ios/15.6\(2\)s3
- version/cisco ios/15.6\(2\)sp1b
- version/cisco ios/15.6\(2\)sp1c
- version/cisco ios/15.6\(2\)sp2a
- version/cisco ios/12.4
- version/cisco ios/15.6
- canonical/cisco 1000 integrated services router
- canonical/cisco 1100-4g\/6g integrated services router
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100-4p
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100-8p
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100-lte integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco 1100 terminal services gateways
- canonical/cisco 1101-4p
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p
- canonical/cisco 1109-4p
- canonical/cisco 1111-4pwe
- canonical/cisco 1111-8pwb
- canonical/cisco 1111x-8p
- canonical/cisco 1113-8plteeawe
- canonical/cisco 1113-8pmwe
- canonical/cisco 1113-8pwe
- canonical/cisco 1116-4plteeawe
- canonical/cisco 1116-4pwe
- canonical/cisco 1117-4plteeawe
- canonical/cisco 1117-4pmlteeawe
- canonical/cisco 1117-4pmwe
- canonical/cisco 1117-4pwe
- canonical/cisco 1120
- canonical/cisco 1120 connected grid router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1131 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 1801 integrated service router
- canonical/cisco 1802 integrated service router
- canonical/cisco 1803 integrated service router
- canonical/cisco 1811 integrated service router
- canonical/cisco 1812 integrated service router
- canonical/cisco 1841 integrated service router
- canonical/cisco 1861 integrated service router
- canonical/cisco 1905 integrated services router
- canonical/cisco 1906c integrated services router
- canonical/cisco 1921 integrated services router
- canonical/cisco 1941 integrated services router
- canonical/cisco 1941w integrated services router
- canonical/cisco catalyst ie3200 rugged switch
- canonical/cisco catalyst ie3300 rugged switch
- canonical/cisco catalyst ie3400 heavy duty switch
- canonical/cisco catalyst ie3400 rugged switch
- canonical/cisco catalyst ie9300
- canonical/cisco esr-6300-con-k9
- canonical/cisco esr-6300-ncp-k9
- canonical/cisco ios software