CVE-2017-12234: Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
First published: Thu Sep 28 2017(Updated: )
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS 12.4 through 15.6 could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of crafted CIP packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted CIP packets to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc43709.
Credit: ykramarz@cisco.com ykramarz@cisco.com psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =12.4\(25e\)jao3a | |
| Cisco IOS | =12.4\(25e\)jao20s | |
| Cisco IOS | =12.4\(25e\)jap1n | |
| Cisco IOS | =12.4\(25e\)jap9 | |
| Cisco IOS | =15.0\(2\)sqd7 | |
| Cisco IOS | =15.1\(2\)sg7a | |
| Cisco IOS | =15.2\(2\)e3 | |
| Cisco IOS | =15.2\(2\)e5b | |
| Cisco IOS | =15.2\(2\)eb | |
| Cisco IOS | =15.2\(2\)eb1 | |
| Cisco IOS | =15.2\(2\)eb2 | |
| Cisco IOS | =15.2\(3\)ex | |
| Cisco IOS | =15.2\(4\)ec | |
| Cisco IOS | =15.2\(4\)ec1 | |
| Cisco IOS | =15.2\(4\)ec2 | |
| Cisco IOS | =15.2\(5\)e | |
| Cisco IOS | =15.2\(5\)e2a | |
| Cisco IOS | =15.2\(5\)e2b | |
| Cisco IOS | =15.2\(5a\)e1 | |
| Cisco IOS | =15.3\(3\)jbb6a | |
| Cisco IOS | =15.3\(3\)jc7 | |
| Cisco IOS | =15.3\(3\)jc50 | |
| Cisco IOS | =15.3\(3\)jc51 | |
| Cisco IOS | =15.3\(3\)jca7 | |
| Cisco IOS | =15.3\(3\)jda3 | |
| Cisco IOS | =15.3\(3\)je1 | |
| Cisco IOS | =15.3\(3\)jnc4 | |
| Cisco IOS | =15.3\(3\)jnd2 | |
| Cisco IOS | =15.3\(3\)jnp2 | |
| Cisco IOS | =15.3\(3\)jpb | |
| Cisco IOS | =15.3\(3\)jpb2 | |
| Cisco IOS | =15.3\(3\)jpc3 | |
| Cisco IOS | =15.6\(1\)s1a | |
| Cisco IOS | =15.6\(2\)s0a | |
| Cisco IOS | =15.6\(2\)s2 | |
| Cisco IOS | =15.6\(2\)s3 | |
| Cisco IOS | =15.6\(2\)sp1b | |
| Cisco IOS | =15.6\(2\)sp1c | |
| Cisco IOS | =15.6\(2\)sp2a | |
| Cisco IOS | ||
| All of | ||
| Cisco IOS | >=12.4<=15.6 | |
| Any of | ||
| Cisco 1000 Integrated Services Router | ||
| Cisco 1100-4g\/6g Integrated Services Router | ||
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100-lte Integrated Services Router | ||
| Cisco 1100 Series Integrated Services Router | ||
| Cisco 1100 Terminal Services Gateways | ||
| Cisco 1101-4p | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p | ||
| Cisco 1109-4p | ||
| Cisco 1111-4pwe | ||
| Cisco 1111-8pwb | ||
| Cisco 1111x-8p | ||
| Cisco 1113-8plteeawe | ||
| Cisco 1113-8pmwe | ||
| Cisco 1113-8pwe | ||
| Cisco 1116-4plteeawe | ||
| Cisco 1116-4pwe | ||
| Cisco c1117-4p | ||
| Cisco c1117-4p | ||
| Cisco c1117-4p | ||
| Cisco c1117-4p | ||
| Cisco 1120 firmware | ||
| Cisco Connected Grid Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1131 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 1801 Integrated Service Router | ||
| Cisco 1802 Integrated Service Router | ||
| Cisco 1803 Integrated Service Router | ||
| Cisco 1811 Integrated Service Router | ||
| Cisco 1812 Integrated Service Router | ||
| Cisco 1841 Integrated Service Router | ||
| Cisco 1861 Integrated Service Router | ||
| Cisco 1905 Serial Integrated Services Router | ||
| Cisco 1906c Integrated Services Router | ||
| Cisco 1921 Integrated Services Router | ||
| Cisco ISR (Integrated Services Router) | ||
| Cisco 1941w Integrated Services Router | ||
| Cisco Catalyst IE3200 | ||
| Cisco Catalyst IE3300 | ||
| Cisco Catalyst IE3400 | ||
| Cisco Catalyst IE3400 | ||
| Cisco Catalyst IE9300 | ||
| Cisco ESR-6300-CON-K9 | ||
| Cisco ESR-6300-NCP-K9 | ||
| All of | ||
| >=12.4<=15.6 | ||
| Any of | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-12234?
CVE-2017-12234 has a CVSS score indicating it can lead to denial of service (DoS) conditions due to sensitive vulnerabilities.
How do I fix CVE-2017-12234?
To fix CVE-2017-12234, upgrade the affected Cisco IOS software versions to the latest patched releases.
Which Cisco IOS versions are affected by CVE-2017-12234?
CVE-2017-12234 affects Cisco IOS versions 12.4 through 15.6.
What type of attacks can CVE-2017-12234 facilitate?
CVE-2017-12234 can facilitate attacks that cause an affected device to reload, resulting in a denial of service.
Is CVE-2017-12234 exploitable remotely?
Yes, CVE-2017-12234 is exploitable by unauthenticated remote attackers.
- collector/nvd-index
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/source
- agent/author
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/12.4\(25e\)jao3a
- version/cisco ios/12.4\(25e\)jao20s
- version/cisco ios/12.4\(25e\)jap1n
- version/cisco ios/12.4\(25e\)jap9
- version/cisco ios/15.0\(2\)sqd7
- version/cisco ios/15.1\(2\)sg7a
- version/cisco ios/15.2\(2\)e3
- version/cisco ios/15.2\(2\)e5b
- version/cisco ios/15.2\(2\)eb
- version/cisco ios/15.2\(2\)eb1
- version/cisco ios/15.2\(2\)eb2
- version/cisco ios/15.2\(3\)ex
- version/cisco ios/15.2\(4\)ec
- version/cisco ios/15.2\(4\)ec1
- version/cisco ios/15.2\(4\)ec2
- version/cisco ios/15.2\(5\)e
- version/cisco ios/15.2\(5\)e2a
- version/cisco ios/15.2\(5\)e2b
- version/cisco ios/15.2\(5a\)e1
- version/cisco ios/15.3\(3\)jbb6a
- version/cisco ios/15.3\(3\)jc7
- version/cisco ios/15.3\(3\)jc50
- version/cisco ios/15.3\(3\)jc51
- version/cisco ios/15.3\(3\)jca7
- version/cisco ios/15.3\(3\)jda3
- version/cisco ios/15.3\(3\)je1
- version/cisco ios/15.3\(3\)jnc4
- version/cisco ios/15.3\(3\)jnd2
- version/cisco ios/15.3\(3\)jnp2
- version/cisco ios/15.3\(3\)jpb
- version/cisco ios/15.3\(3\)jpb2
- version/cisco ios/15.3\(3\)jpc3
- version/cisco ios/15.6\(1\)s1a
- version/cisco ios/15.6\(2\)s0a
- version/cisco ios/15.6\(2\)s2
- version/cisco ios/15.6\(2\)s3
- version/cisco ios/15.6\(2\)sp1b
- version/cisco ios/15.6\(2\)sp1c
- version/cisco ios/15.6\(2\)sp2a
- version/cisco ios/12.4
- version/cisco ios/15.6
- canonical/cisco 1000 integrated services router
- canonical/cisco 1100-4g\/6g integrated services router
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100 series integrated services router
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100-lte integrated services router
- canonical/cisco 1100 terminal services gateways
- canonical/cisco 1101-4p
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p
- canonical/cisco 1109-4p
- canonical/cisco 1111-4pwe
- canonical/cisco 1111-8pwb
- canonical/cisco 1111x-8p
- canonical/cisco 1113-8plteeawe
- canonical/cisco 1113-8pmwe
- canonical/cisco 1113-8pwe
- canonical/cisco 1116-4plteeawe
- canonical/cisco 1116-4pwe
- canonical/cisco c1117-4p
- canonical/cisco 1120 firmware
- canonical/cisco connected grid router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1131 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 1801 integrated service router
- canonical/cisco 1802 integrated service router
- canonical/cisco 1803 integrated service router
- canonical/cisco 1811 integrated service router
- canonical/cisco 1812 integrated service router
- canonical/cisco 1841 integrated service router
- canonical/cisco 1861 integrated service router
- canonical/cisco 1905 serial integrated services router
- canonical/cisco 1906c integrated services router
- canonical/cisco 1921 integrated services router
- canonical/cisco isr (integrated services router)
- canonical/cisco 1941w integrated services router
- canonical/cisco catalyst ie3200
- canonical/cisco catalyst ie3300
- canonical/cisco catalyst ie3400
- canonical/cisco catalyst ie9300
- canonical/cisco esr-6300-con-k9
- canonical/cisco esr-6300-ncp-k9