The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:L/Au:N/C:C/I:C/A:C
This CVE is in the KEV database since March 3, 2022.
Exploitation active
Automatable yes
Technical Impact total
Affected Vendors & Products
Vendors | Products |
---|---|
Cisco |
|
Configuration 1 [-]
AND |
|
No data.
References
History
Fri, 15 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2017-09-28T07:00:00
Updated: 2024-11-15T17:56:33.432Z
Reserved: 2017-08-03T00:00:00
Link: CVE-2017-12240
Vulnrichment
Updated: 2024-08-05T18:28:16.785Z
NVD
Status : Modified
Published: 2017-09-29T01:34:49.077
Modified: 2024-11-21T03:09:06.497
Link: CVE-2017-12240
Redhat
No data.