CVE-2017-12319: Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
First published: Tue Mar 27 2018(Updated: )
A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS | =15.4\(1\)s | |
| Cisco IOS XE | <16.3 | |
| Cisco IOS XE Software | ||
| All of | ||
| Any of | ||
| Cisco IOS | =15.4\(1\)s | |
| Cisco IOS XE | <16.3 | |
| Any of | ||
| Cisco 1000 Integrated Services Router | ||
| Cisco 1100-4g\/6g Integrated Services Router | ||
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4gltegb Integrated Services Router | ||
| Cisco 1100-4gltena Integrated Services Router | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100-lte Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p Integrated Services Router | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p Integrated Services Router | ||
| Cisco 1111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1131 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 1801 Integrated Service Router | ||
| Cisco 1802 Integrated Service Router | ||
| Cisco 1803 Integrated Service Router | ||
| Cisco 1811 Integrated Service Router | ||
| Cisco 1812 Integrated Service Router | ||
| Cisco 1841 Integrated Service Router | ||
| Cisco 1861 Integrated Service Router | ||
| Cisco 1905 Integrated Services Router | ||
| Cisco 1906c Integrated Services Router | ||
| Cisco 1921 Integrated Services Router | ||
| Cisco 1941 Integrated Services Router | ||
| Cisco 1941w Integrated Services Router | ||
| Cisco 4000 Integrated Services Router | ||
| Cisco 422 Integrated Services Router | ||
| Cisco 4221 Integrated Services Router | ||
| Cisco 4321\/k9-rf Integrated Services Router | ||
| Cisco 4321\/k9-ws Integrated Services Router | ||
| Cisco 4321\/k9 Integrated Services Router | ||
| Cisco 4321 Integrated Services Router | ||
| Cisco 4331\/k9-rf Integrated Services Router | ||
| Cisco 4331\/k9-ws Integrated Services Router | ||
| Cisco 4331\/k9 Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4351\/k9-rf Integrated Services Router | ||
| Cisco 4351\/k9-ws Integrated Services Router | ||
| Cisco 4351\/k9 Integrated Services Router | ||
| Cisco 4351 Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 44461 Integrated Services Router | ||
| Cisco 4451-x Integrated Services Router | ||
| Cisco 4451 Integrated Services Router | ||
| Cisco 4461 Integrated Services Router | ||
| Cisco 8101-32fh | ||
| Cisco 8101-32h | ||
| Cisco 8102-64h | ||
| Cisco 8201 | ||
| Cisco 8201-32fh | ||
| Cisco 8202 | ||
| Cisco 8208 | ||
| Cisco 8212 | ||
| Cisco 8218 | ||
| Cisco 8800 12-slot | ||
| Cisco 8800 18-slot | ||
| Cisco 8800 4-slot | ||
| Cisco 8800 8-slot | ||
| Cisco 8804 | ||
| Cisco 8808 | ||
| Cisco 8812 | ||
| Cisco 8818 | ||
| Cisco 8831 | ||
| Cisco 9800-40 | ||
| Cisco 9800-80 | ||
| Cisco 9800-cl | ||
| Cisco 9800-l | ||
| Cisco ASR 1000 | ||
| Cisco Asr 1000-esp100 | ||
| Cisco Asr 1000-esp100-x | ||
| Cisco Asr 1000-esp200-x | ||
| Cisco Asr 1000-x | ||
| Cisco Asr 1001 | ||
| Cisco Asr 1001-hx | ||
| Cisco Asr 1001-hx R | ||
| Cisco Asr 1001-x | ||
| Cisco Asr 1001-x R | ||
| Cisco Asr 1002 | ||
| Cisco Asr 1002-hx | ||
| Cisco Asr 1002-hx R | ||
| Cisco Asr 1002-x | ||
| Cisco Asr 1002-x R | ||
| Cisco Asr 1004 | ||
| Cisco Asr 1006 | ||
| Cisco Asr 1006-x | ||
| Cisco Asr 1009-x | ||
| Cisco Asr 1013 | ||
| Cisco Asr 1023 | ||
| Cisco Asr 900 | ||
| Cisco Asr 901-12c-f-d | ||
| Cisco Asr 901-12c-ft-d | ||
| Cisco Asr 901-4c-f-d | ||
| Cisco Asr 901-4c-ft-d | ||
| Cisco Asr 901-6cz-f-a | ||
| Cisco Asr 901-6cz-f-d | ||
| Cisco Asr 901-6cz-fs-a | ||
| Cisco Asr 901-6cz-fs-d | ||
| Cisco Asr 901-6cz-ft-a | ||
| Cisco Asr 901-6cz-ft-d | ||
| Cisco Asr 901s-2sg-f-ah | ||
| Cisco Asr 901s-2sg-f-d | ||
| Cisco Asr 901s-3sg-f-ah | ||
| Cisco Asr 901s-3sg-f-d | ||
| Cisco Asr 901s-4sg-f-d | ||
| Cisco Asr 902 | ||
| Cisco Asr 902u | ||
| Cisco Catalyst 8200 | ||
| Cisco Catalyst 8300 | ||
| Cisco Catalyst 8300-1n1s-4t2x | ||
| Cisco Catalyst 8300-1n1s-6t | ||
| Cisco Catalyst 8300-2n2s-4t2x | ||
| Cisco Catalyst 8300-2n2s-6t | ||
| Cisco Catalyst 8500 | ||
| Cisco Catalyst 8500-4qc | ||
| Cisco Catalyst 8500l | ||
| Cisco Catalyst 8510csr | ||
| Cisco Catalyst 8510msr | ||
| Cisco Catalyst 8540csr | ||
| Cisco Catalyst 8540msr | ||
| Cisco Catalyst 9200 | ||
| Cisco Catalyst 9200cx | ||
| Cisco Catalyst 9200l | ||
| Cisco Catalyst 9300 | ||
| Cisco Catalyst 9300-24p-a | ||
| Cisco Catalyst 9300-24p-e | ||
| Cisco Catalyst 9300-24s-a | ||
| Cisco Catalyst 9300-24s-e | ||
| Cisco Catalyst 9300-24t-a | ||
| Cisco Catalyst 9300-24t-e | ||
| Cisco Catalyst 9300-24u-a | ||
| Cisco Catalyst 9300-24u-e | ||
| Cisco Catalyst 9300-24ux-a | ||
| Cisco Catalyst 9300-24ux-e | ||
| Cisco Catalyst 9300-48p-a | ||
| Cisco Catalyst 9300-48p-e | ||
| Cisco Catalyst 9300-48s-a | ||
| Cisco Catalyst 9300-48s-e | ||
| Cisco Catalyst 9300-48t-a | ||
| Cisco Catalyst 9300-48t-e | ||
| Cisco Catalyst 9300-48u-a | ||
| Cisco Catalyst 9300-48u-e | ||
| Cisco Catalyst 9300-48un-a | ||
| Cisco Catalyst 9300-48un-e | ||
| Cisco Catalyst 9300-48uxm-a | ||
| Cisco Catalyst 9300-48uxm-e | ||
| Cisco Catalyst 9300l | ||
| Cisco Catalyst 9300l-24p-4g-a | ||
| Cisco Catalyst 9300l-24p-4g-e | ||
| Cisco Catalyst 9300l-24p-4x-a | ||
| Cisco Catalyst 9300l-24p-4x-e | ||
| Cisco Catalyst 9300l-24t-4g-a | ||
| Cisco Catalyst 9300l-24t-4g-e | ||
| Cisco Catalyst 9300l-24t-4x-a | ||
| Cisco Catalyst 9300l-24t-4x-e | ||
| Cisco Catalyst 9300l-48p-4g-a | ||
| Cisco Catalyst 9300l-48p-4g-e | ||
| Cisco Catalyst 9300l-48p-4x-a | ||
| Cisco Catalyst 9300l-48p-4x-e | ||
| Cisco Catalyst 9300l-48t-4g-a | ||
| Cisco Catalyst 9300l-48t-4g-e | ||
| Cisco Catalyst 9300l-48t-4x-a | ||
| Cisco Catalyst 9300l-48t-4x-e | ||
| Cisco Catalyst 9300l Stack | ||
| Cisco Catalyst 9300lm | ||
| Cisco Catalyst 9300x | ||
| Cisco Catalyst 9400 | ||
| Cisco Catalyst 9400 Supervisor Engine-1 | ||
| Cisco Catalyst 9407r | ||
| Cisco Catalyst 9410r | ||
| Cisco Catalyst 9500 | ||
| Cisco Catalyst 9500h | ||
| Cisco Catalyst 9600 | ||
| Cisco Catalyst 9600 Supervisor Engine-1 | ||
| Cisco Catalyst 9600x | ||
| Cisco Catalyst 9800 | ||
| Cisco Catalyst 9800-40 | ||
| Cisco Catalyst 9800-80 | ||
| Cisco Catalyst 9800-cl | ||
| Cisco Catalyst 9800-l | ||
| Cisco Catalyst 9800-l-c | ||
| Cisco Catalyst 9800-l-f | ||
| Cisco Catalyst Ie3200 Rugged Switch | ||
| Cisco Catalyst Ie3300 Rugged Switch | ||
| Cisco Cloud Services Router 1000v | ||
| Cisco Esr-6300-con-k9 | ||
| Cisco Esr-6300-ncp-k9 | ||
| Cisco Integrated Services Virtual Router | ||
| Cisco Network Convergence System 520 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco IOS XE Software vulnerability?
The vulnerability ID for this Cisco IOS XE Software vulnerability is CVE-2017-12319.
What is the severity level of CVE-2017-12319?
CVE-2017-12319 has a severity level of high.
How does CVE-2017-12319 affect Cisco IOS XE Software?
CVE-2017-12319 can cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table.
What software versions are affected by CVE-2017-12319?
Cisco IOS XE Software versions 15.4(1)s and up to 16.3 are affected by CVE-2017-12319.
Where can I find more information about CVE-2017-12319?
You can find more information about CVE-2017-12319 on the SecurityFocus and Cisco Security Advisories websites.
- collector/nvd-index
- agent/type
- agent/description
- agent/title
- agent/weakness
- agent/author
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/tags
- collector/nvd-cve
- vendor/cisco
- canonical/cisco ios
- version/cisco ios/15.4\(1\)s
- canonical/cisco ios xe
- canonical/cisco 1000 integrated services router
- canonical/cisco 1100-4g\/6g integrated services router
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4gltegb integrated services router
- canonical/cisco 1100-4gltena integrated services router
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100-lte integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p integrated services router
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p integrated services router
- canonical/cisco 1111x integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1131 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 1801 integrated service router
- canonical/cisco 1802 integrated service router
- canonical/cisco 1803 integrated service router
- canonical/cisco 1811 integrated service router
- canonical/cisco 1812 integrated service router
- canonical/cisco 1841 integrated service router
- canonical/cisco 1861 integrated service router
- canonical/cisco 1905 integrated services router
- canonical/cisco 1906c integrated services router
- canonical/cisco 1921 integrated services router
- canonical/cisco 1941 integrated services router
- canonical/cisco 1941w integrated services router
- canonical/cisco 4000 integrated services router
- canonical/cisco 422 integrated services router
- canonical/cisco 4221 integrated services router
- canonical/cisco 4321\/k9-rf integrated services router
- canonical/cisco 4321\/k9-ws integrated services router
- canonical/cisco 4321\/k9 integrated services router
- canonical/cisco 4321 integrated services router
- canonical/cisco 4331\/k9-rf integrated services router
- canonical/cisco 4331\/k9-ws integrated services router
- canonical/cisco 4331\/k9 integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4351\/k9-rf integrated services router
- canonical/cisco 4351\/k9-ws integrated services router
- canonical/cisco 4351\/k9 integrated services router
- canonical/cisco 4351 integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 44461 integrated services router
- canonical/cisco 4451-x integrated services router
- canonical/cisco 4451 integrated services router
- canonical/cisco 4461 integrated services router
- canonical/cisco 8101-32fh
- canonical/cisco 8101-32h
- canonical/cisco 8102-64h
- canonical/cisco 8201
- canonical/cisco 8201-32fh
- canonical/cisco 8202
- canonical/cisco 8208
- canonical/cisco 8212
- canonical/cisco 8218
- canonical/cisco 8800 12-slot
- canonical/cisco 8800 18-slot
- canonical/cisco 8800 4-slot
- canonical/cisco 8800 8-slot
- canonical/cisco 8804
- canonical/cisco 8808
- canonical/cisco 8812
- canonical/cisco 8818
- canonical/cisco 8831
- canonical/cisco 9800-40
- canonical/cisco 9800-80
- canonical/cisco 9800-cl
- canonical/cisco 9800-l
- canonical/cisco asr 1000
- canonical/cisco asr 1000-esp100
- canonical/cisco asr 1000-esp100-x
- canonical/cisco asr 1000-esp200-x
- canonical/cisco asr 1000-x
- canonical/cisco asr 1001
- canonical/cisco asr 1001-hx
- canonical/cisco asr 1001-hx r
- canonical/cisco asr 1001-x
- canonical/cisco asr 1001-x r
- canonical/cisco asr 1002
- canonical/cisco asr 1002-hx
- canonical/cisco asr 1002-hx r
- canonical/cisco asr 1002-x
- canonical/cisco asr 1002-x r
- canonical/cisco asr 1004
- canonical/cisco asr 1006
- canonical/cisco asr 1006-x
- canonical/cisco asr 1009-x
- canonical/cisco asr 1013
- canonical/cisco asr 1023
- canonical/cisco asr 900
- canonical/cisco asr 901-12c-f-d
- canonical/cisco asr 901-12c-ft-d
- canonical/cisco asr 901-4c-f-d
- canonical/cisco asr 901-4c-ft-d
- canonical/cisco asr 901-6cz-f-a
- canonical/cisco asr 901-6cz-f-d
- canonical/cisco asr 901-6cz-fs-a
- canonical/cisco asr 901-6cz-fs-d
- canonical/cisco asr 901-6cz-ft-a
- canonical/cisco asr 901-6cz-ft-d
- canonical/cisco asr 901s-2sg-f-ah
- canonical/cisco asr 901s-2sg-f-d
- canonical/cisco asr 901s-3sg-f-ah
- canonical/cisco asr 901s-3sg-f-d
- canonical/cisco asr 901s-4sg-f-d
- canonical/cisco asr 902
- canonical/cisco asr 902u
- canonical/cisco catalyst 8200
- canonical/cisco catalyst 8300
- canonical/cisco catalyst 8300-1n1s-4t2x
- canonical/cisco catalyst 8300-1n1s-6t
- canonical/cisco catalyst 8300-2n2s-4t2x
- canonical/cisco catalyst 8300-2n2s-6t
- canonical/cisco catalyst 8500
- canonical/cisco catalyst 8500-4qc
- canonical/cisco catalyst 8500l
- canonical/cisco catalyst 8510csr
- canonical/cisco catalyst 8510msr
- canonical/cisco catalyst 8540csr
- canonical/cisco catalyst 8540msr
- canonical/cisco catalyst 9200
- canonical/cisco catalyst 9200cx
- canonical/cisco catalyst 9200l
- canonical/cisco catalyst 9300
- canonical/cisco catalyst 9300-24p-a
- canonical/cisco catalyst 9300-24p-e
- canonical/cisco catalyst 9300-24s-a
- canonical/cisco catalyst 9300-24s-e
- canonical/cisco catalyst 9300-24t-a
- canonical/cisco catalyst 9300-24t-e
- canonical/cisco catalyst 9300-24u-a
- canonical/cisco catalyst 9300-24u-e
- canonical/cisco catalyst 9300-24ux-a
- canonical/cisco catalyst 9300-24ux-e
- canonical/cisco catalyst 9300-48p-a
- canonical/cisco catalyst 9300-48p-e
- canonical/cisco catalyst 9300-48s-a
- canonical/cisco catalyst 9300-48s-e
- canonical/cisco catalyst 9300-48t-a
- canonical/cisco catalyst 9300-48t-e
- canonical/cisco catalyst 9300-48u-a
- canonical/cisco catalyst 9300-48u-e
- canonical/cisco catalyst 9300-48un-a
- canonical/cisco catalyst 9300-48un-e
- canonical/cisco catalyst 9300-48uxm-a
- canonical/cisco catalyst 9300-48uxm-e
- canonical/cisco catalyst 9300l
- canonical/cisco catalyst 9300l-24p-4g-a
- canonical/cisco catalyst 9300l-24p-4g-e
- canonical/cisco catalyst 9300l-24p-4x-a
- canonical/cisco catalyst 9300l-24p-4x-e
- canonical/cisco catalyst 9300l-24t-4g-a
- canonical/cisco catalyst 9300l-24t-4g-e
- canonical/cisco catalyst 9300l-24t-4x-a
- canonical/cisco catalyst 9300l-24t-4x-e
- canonical/cisco catalyst 9300l-48p-4g-a
- canonical/cisco catalyst 9300l-48p-4g-e
- canonical/cisco catalyst 9300l-48p-4x-a
- canonical/cisco catalyst 9300l-48p-4x-e
- canonical/cisco catalyst 9300l-48t-4g-a
- canonical/cisco catalyst 9300l-48t-4g-e
- canonical/cisco catalyst 9300l-48t-4x-a
- canonical/cisco catalyst 9300l-48t-4x-e
- canonical/cisco catalyst 9300l stack
- canonical/cisco catalyst 9300lm
- canonical/cisco catalyst 9300x
- canonical/cisco catalyst 9400
- canonical/cisco catalyst 9400 supervisor engine-1
- canonical/cisco catalyst 9407r
- canonical/cisco catalyst 9410r
- canonical/cisco catalyst 9500
- canonical/cisco catalyst 9500h
- canonical/cisco catalyst 9600
- canonical/cisco catalyst 9600 supervisor engine-1
- canonical/cisco catalyst 9600x
- canonical/cisco catalyst 9800
- canonical/cisco catalyst 9800-40
- canonical/cisco catalyst 9800-80
- canonical/cisco catalyst 9800-cl
- canonical/cisco catalyst 9800-l
- canonical/cisco catalyst 9800-l-c
- canonical/cisco catalyst 9800-l-f
- canonical/cisco catalyst ie3200 rugged switch
- canonical/cisco catalyst ie3300 rugged switch
- canonical/cisco cloud services router 1000v
- canonical/cisco esr-6300-con-k9
- canonical/cisco esr-6300-ncp-k9
- canonical/cisco integrated services virtual router
- canonical/cisco network convergence system 520
- canonical/cisco ios xe software