Denial of service in Cisco IOS/IOS XE - CVE-2017-12211
Published: September 7, 2017
Vulnerability identifier: #VU8141
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-12211
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco IOS/IOS XE
Cisco IOS/IOS XE
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to IPv6 sub block corruption. A remote attacker can send specially SNMP data to trigger a flaw in the processing of IPv6 packets, consume excessive CPU resources and cause the target device to reload.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to IPv6 sub block corruption. A remote attacker can send specially SNMP data to trigger a flaw in the processing of IPv6 packets, consume excessive CPU resources and cause the target device to reload.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-12211
The vulnerability is addressed in the following versions: 16.4.2, 16.6(0.100), 16.5(1.7), 16.4(1.80), 16.3(4.92), 15.5(3)S6a, 15.5(3)S6, 15.5(3)S5.14, 15.5(3)M6, 15.2(6.3.30i)E, 15.2(6.1.92i)E.