Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-3857

Опубликовано: 22 мар. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 7.8
EPSS Низкий

Описание

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Версия от 12.0 (включая) до 12.4 (включая)
cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
Версия от 15.0 (включая) до 15.6 (включая)
cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*
Версия от 3.1.0 (включая) до 3.18.0 (включая)

EPSS

Процентиль: 78%
0.01141
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-399
CWE-400

Связанные уязвимости

github логотип

GHSA-8hj8-9m54-wvpw

CVSS3: 7.5
github
больше 3 лет назад

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS (12.0 through 12.4 and 15.0 through 15.6) and Cisco IOS XE (3.1 through 3.18) could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of L2TP packets. An attacker could exploit this vulnerability by sending a crafted L2TP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS or Cisco IOS XE Software if the L2TP feature is enabled for the device and the device is configured as an L2TP Version 2 (L2TPv2) or L2TP Version 3 (L2TPv3) endpoint. By default, the L2TP feature is not enabled. Cisco Bug IDs: CSCuy82078.

fstec логотип

BDU:2017-01185

fstec
почти 9 лет назад

Уязвимость функции L2TP операционной системы Cisco IOS, позволяющая нарушителю вызвать перезагрузку устройства и отказ в обслуживании

EPSS

Процентиль: 78%
0.01141
Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-399
CWE-400