CVE DATABASE / CVE-2017-12232
CVE-2017-12232
Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability
Confirmed exploited in the wild. Added 2022-03-03.
Federal remediation due 2022-03-24.
Required action: Apply updates per vendor instructions.
Summary
A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS 15.0 through 15.6 could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a misclassification of Ethernet frames. An attacker could exploit this vulnerability by sending a crafted Ethernet frame to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc03809.
CVSS 3.1 breakdown
| Base score | 6.5 (MEDIUM) |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack vector | ADJACENT_NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.securityfocus.com/bid/101044
- http://www.securitytracker.com/id/1039452
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170927-rbip-dos
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12232
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-22. Always verify against the vendor advisory before acting.